CVE-2018-16140

Published: Aug 30, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

Affected (3)

Products: Canonical: Ubuntu Linux · Fig2dev Project: Fig2dev

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fig2dev Project Fig2dev	Version 3.2.7a

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html

Source: cve@mitre.org

https://sourceforge.net/p/mcj/tickets/28/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3760-1/

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceforge.net/p/mcj/tickets/28/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3760-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.