Lucene search

Gentoo FoundationGLSA-201312-16

HistoryDec 27, 2013 - 12:00 a.m.

Xfig: Arbitrary code execution

2013-12-2700:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.039

Percentile

92.0%

JSON

Background

Xfig is an interactive drawing tool.

Description

Xfig contains a buffer overflow vulnerability in processing certain FIG images.

Impact

A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Xfig users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-gfx/xfig-3.2.5b-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 09, 2011. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/xfig< 3.2.5b-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-gfx/xfig	< 3.2.5b-r1	UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.039

Percentile

92.0%

JSON

Related for GLSA-201312-16