CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-14275 – Ubuntu Security Notice USN-5864-1
https://notcve.org/view.php?id=CVE-2019-14275
26 Jul 2019 — Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Xfig fig2dev versión 3.2.7a presenta un Desbordamiento de Búfer en la Región Stack de la Memoria en la función calc_arrow function en archivo bound.c. Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16140 – Ubuntu Security Notice USN-3760-1
https://notcve.org/view.php?id=CVE-2018-16140
30 Aug 2018 — A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Una vulnerabilidad de subescritura de búfer en get_line() (en read.c) en fig2dev 3.2.7a permite que un atacante escriba antes del comienzo del búfer mediante un archivo .fig manipulado. It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code. • https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html • CWE-787: Out-of-bounds Write •