4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
51.6%
The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. (CVE-2019-14275) read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555) make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746) read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | transfig | < 3.2.7a-3.1 | transfig-3.2.7a-3.1.mga7 |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
51.6%