Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2020-0116
HistoryMar 06, 2020 - 7:13 p.m.

Updated transfig packages fix security vulnerability

2020-03-0619:13:58
Gentoo Foundation
advisories.mageia.org
15

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.6%

JSON

The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. (CVE-2019-14275) read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555) make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746) read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchtransfig< 3.2.7a-3.1transfig-3.2.7a-3.1.mga7

Related

openvas 15
nessus 20
suse 6
fedora 4
amazon 2
debian 2
osv 3
debiancve 4
veracode 3
nvd 4
cve 4
prion 4
cvelist 4
redhatcve 4
ubuntucve 4
cnvd 1
ubuntu 1
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0116)
2022-01-28 00:00:00
openSUSE: Security Advisory for transfig (openSUSE-SU-2021:1143-1)
2021-08-11 00:00:00
openSUSE: Security Advisory for transfig (openSUSE-SU-2021:2454-1)
2021-07-23 00:00:00
nessus
nessus
openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1318-1)
2021-09-29 00:00:00
SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)
2021-07-23 00:00:00
openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1143-1)
2021-08-11 00:00:00
suse
suse
Security update for transfig (moderate)
2021-09-27 00:00:00
Security update for transfig (moderate)
2021-08-11 00:00:00
Security update for transfig (moderate)
2021-07-22 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: xfig-3.2.7b-1.fc31
2020-01-25 06:36:43
[SECURITY] Fedora 30 Update: xfig-3.2.7b-1.fc30
2020-01-24 18:52:11
[SECURITY] Fedora 31 Update: transfig-3.2.7b-1.fc31
2020-01-25 06:36:43
amazon
amazon
Medium: transfig
2020-02-24 22:12:00
Medium: transfig
2023-08-17 11:39:00
debian
debian
[SECURITY] [DLA 2073-1] transfig security update
2020-01-21 21:42:12
[SECURITY] [DLA 2778-1] fig2dev security update
2021-10-04 09:00:15
osv
osv
transfig - security update
2020-01-21 00:00:00
fig2dev vulnerabilities
2023-02-13 13:59:56
fig2dev - security update
2021-10-04 00:00:00
debiancve
debiancve
CVE-2019-19746
2019-12-12 03:15:11
CVE-2019-19797
2019-12-15 20:15:11
CVE-2019-19555
2019-12-04 17:16:44
veracode
veracode
Denial Of Service (DoS)
2023-03-06 17:45:39
Denial Of Service (DoS)
2023-03-06 17:29:33
Denial Of Service (DoS)
2021-10-05 22:19:33
nvd
nvd
CVE-2019-19555
2019-12-04 17:16:44
CVE-2019-14275
2019-07-26 04:15:11
CVE-2019-19746
2019-12-12 03:15:11
cve
cve
CVE-2019-19555
2019-12-04 17:16:44
CVE-2019-19746
2019-12-12 03:15:11
CVE-2019-14275
2019-07-26 04:15:11
prion
prion
Stack overflow
2019-12-04 17:16:00
Out-of-bounds
2019-12-15 20:15:00
Integer overflow
2019-12-12 03:15:00
cvelist
cvelist
CVE-2019-19555
2019-12-04 16:19:22
CVE-2019-14275
2019-07-26 03:16:12
CVE-2019-19746
2019-12-12 02:22:33
redhatcve
redhatcve
CVE-2019-19555
2020-02-07 15:44:32
CVE-2019-19746
2019-12-30 15:09:38
CVE-2019-14275
2020-02-07 15:44:31
ubuntucve
ubuntucve
CVE-2019-19797
2019-12-15 00:00:00
CVE-2019-14275
2019-07-26 00:00:00
CVE-2019-19746
2019-12-12 00:00:00
cnvd
cnvd
fig2dev buffer overflow vulnerability (CNVD-2021-79776)
2019-12-06 00:00:00
ubuntu
ubuntu
Fig2dev vulnerabilities
2023-02-13 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.6%

JSON
Related for MGASA-2020-0116
openvas15nessus20suse6fedora4amazon2debian2osv3debiancve4veracode3nvd4cve4prion4cvelist4redhatcve4ubuntucve4cnvd1ubuntu1