Note:
This project will be discontinued after December 13, 2021. [more]
2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
Products | Fedora, Fig2dev |
Type | Out-of-bounds Write (CWE-787) Integer Overflow or Wraparound (CWE-190) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/
• https://sourceforge.net/p/mcj/tickets/57/ • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/ |