Mageia 7 MGASA-2020-0116 Moderate: Transfig Buffer Overflow
mageia
March 6, 2020
The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c
Summary
The updated package fixes security vulnerabilities:
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow
function in bound.c. (CVE-2019-14275)
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer
overflow because of an incorrect sscanf. (CVE-2019-19555)
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault
and out-of-bounds write because of an integer overflow via a large arrow
type. (CVE-2019-19746)
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
(CVE-2019-19797)
References
- https://bugs.mageia.org/show_bug.cgi?id=26146
- https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7DHT2H26YTJQC3SPYPFUPZZJG26MWGTL/
- https://www.cve.org/CVERecord?id=CVE-2019-14275
- https://www.cve.org/CVERecord?id=CVE-2019-19555
- https://www.cve.org/CVERecord?id=CVE-2019-19746
- https://www.cve.org/CVERecord?id=CVE-2019-19797
Topics Covered
Resolution
SRPMS
- 7/core/transfig-3.2.7a-3.1.mga7
PREVIOUS
NEXT
Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0116.html
Type: security
CVE: CVE-2019-14275,
CVE-2019-19555,
CVE-2019-19746,
CVE-2019-19797
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!