Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201804-9 ======================================== Severity: Medium Date : 2018-04-19 CVE-ID : CVE-2017-16899 Package : xfig Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-513 Summary ====== The package xfig before version 3.2.7-1 is vulnerable to information disclosure. Resolution ========= Upgrade to 3.2.7-1. # pacman -Syu "xfig>=3.2.7-1" The problem has been fixed upstream in version 3.2.7. Workaround ========= None. Description ========== An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. Impact ===== A remote attacker is able to crash the application or possibly disclose sensitive information on the affected host. References ========= https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143 https://security.archlinux.org/CVE-2017-16899