CVE-2009-4228

Published: Dec 8, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

Affected (3)

Products: Xfig: Xfig

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Xfig Xfig	Up to 3.2.5b
Xfig Xfig	Version 3.2.4
Xfig Xfig	Version 3.2.5

Related CWEs

References (8)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:010

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0108

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=543905

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:010

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0108

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=543905

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.