Xfig

xfig

Vendor: Xfig Project • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45920 1Xfig Project 1Xfig Nov 4, 2025 Mar 27, 2024 N/A· v4 4.2 MEDIUM· v3 N/A· v2 Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalou...Show more Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.Show less
CVE-2021-40241 1Xfig Project 1Xfig May 7, 2025 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2019-19555 1Xfig Project 1Xfig Nov 21, 2024 Dec 4, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
CVE-2017-16899 2Debian Xfig Project 2Debian Linux Xfig May 13, 2026 Nov 20, 2017 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font valu...Show more An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.Show less