An array index error in the fig2dev program in Xfig 3.2.6a allows remote malicious users to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xfig project xfig 3.2.6a |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |