fig2dev:stretch is vulnerable to denial of service. The vulnerability exists because read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
CPE

Name | Operator | Version
---|---|---
fig2dev:stretch | eq | 1:3.2.6a-2+deb9u3
lists.debian.org/debian-lts-announce/2021/10/msg00002.html
lists.fedoraproject.org/archives/list/[email protected]/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/
lists.fedoraproject.org/archives/list/[email protected]/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/
security-tracker.debian.org/tracker/CVE-2019-19797
sourceforge.net/p/mcj/tickets/67/