Vulnerabilities > Xfig

DATE CVE VULNERABILITY TITLE RISK
2010-12-17 CVE-2010-4262 Buffer Errors vulnerability in Xfig 3.2.4/3.2.5
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.
network
xfig CWE-119
6.8
2009-12-08 CVE-2009-4228 Resource Management Errors vulnerability in Xfig 3.2.4/3.2.5
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.
network
xfig CWE-399
4.3
2009-12-08 CVE-2009-4227 Buffer Errors vulnerability in Xfig 3.2.5
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format.
network
xfig CWE-119
6.8
2009-06-08 CVE-2009-1962 Link Following vulnerability in multiple products
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
4.4