ALAS-2023-1807 --- transfigID: oval:org.secpod.oval:def:1601765 | Date: (C)2023-09-01 (M)2024-01-29 |
Class: PATCH | Family: unix |
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service via converting a xfig file into mp format. A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service via converting a xfig file into ge format. A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service via converting a xfig file into ge format. A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service via converting a xfig file into pstricks format. A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service via converting a xfig file into pict2e format. An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8
Platform: |
Amazon Linux AMI |