Published: 12/12/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fig2dev project fig2dev 3.2.7b
fedoraproject fedora 31
fedoraproject fedora 32

Debian Bug report logs - #946628 fig2dev: CVE-2019-19746 Package: src:fig2dev; Maintainer for src:fig2dev is Roland Rosenfeld <roland@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 12 Dec 2019 09:36:02 UTC Severity: normal Tags: security, upstream Found in version fig2dev/1:327b-2 ...

read_colordef in readc in Xfig fig2dev 327b has an out-of-bounds write (CVE-2019-19797) make_arrow in arrowc in Xfig fig2dev 327b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (CVE-2019-19746) ...

CWE-787 CWE-190 https://sourceforge.net/p/mcj/tickets/57/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946628 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2020-1398.html

CVE-2019-19746

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect