5.5CVSS
5.8AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.002EPSS
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in...
5.5CVSS
6.1AI Score
0.001EPSS
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is...
5.5CVSS
5.3AI Score
0.001EPSS
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in...
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.7AI Score
0.001EPSS
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in...
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and...
7.1CVSS
6.5AI Score
0.001EPSS
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in...
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect...
5.5CVSS
6.1AI Score
0.001EPSS
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color...
7.9AI Score
0.039EPSS
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that...
7.7AI Score
0.171EPSS
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in...
6.3AI Score
0.005EPSS
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID],...
6.3AI Score
0.0004EPSS