CVE-2009-1962

Published: Jun 8, 2009Modified: Apr 23, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.

Affected (26)

Products: Debian: Debian Linux · Xfig: Xfig

1 product

1 product

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 5.0
Xfig Xfig	Version 3.2.5