Xfig Project

xfig_project

14 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45920 1Xfig Project 1Xfig Nov 4, 2025 Mar 27, 2024 N/A· v4 4.2 MEDIUM· v3 N/A· v2 Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalou...Show more Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.Show less
CVE-2021-40241 1Xfig Project 1Xfig May 7, 2025 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2021-32280 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 20, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version o...Show more An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.Show less
CVE-2020-21535 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
CVE-2020-21534 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
CVE-2020-21533 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
CVE-2020-21532 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
CVE-2020-21531 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
CVE-2020-21530 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
CVE-2020-21529 2Debian Xfig Project 2Debian Linux Fig2dev Nov 21, 2024 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
CVE-2019-19797 3Debian FedoraprojectXfig Project 3Debian Linux FedoraFig2dev Nov 21, 2024 Dec 15, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
CVE-2019-19555 1Xfig Project 1Xfig Nov 21, 2024 Dec 4, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
CVE-2019-14275 3Debian OpensuseXfig Project 3Debian Linux Fig2devLeap Nov 21, 2024 Jul 26, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
CVE-2017-16899 2Debian Xfig Project 2Debian Linux Xfig May 13, 2026 Nov 20, 2017 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font valu...Show more An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.Show less