Date: Thu, 03 Dec 2009 14:37:47 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com> Subject: CVE Request -- xfig Hi Josh, Steve, vendors, PEDAMACHEPHEPTOLIONES reported  a stack-based buffer overflow present in Xfig by loading malformed .FIG files. From what I can tell, xfig-3.2.d doesn't seem to be affected by this, but xfig-3.2.4 && xfig-3.2.5 clearly are. Also, the reporter claims about arbitrary code execution possibility, but I don't think this is possible due the non-executable stack protection. Anyway, could you allocate a CVE identifier? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ