Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Dec 2009 14:37:47 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>
Subject: CVE Request -- xfig

Hi Josh, Steve, vendors,

   PEDAMACHEPHEPTOLIONES reported [1] a stack-based buffer overflow present
in Xfig by loading malformed .FIG files.

 From what I can tell, xfig-3.2.d doesn't seem to be affected by this,
but xfig-3.2.4 && xfig-3.2.5 clearly are.

Also, the reporter claims about arbitrary code execution possibility,
but I don't think this is possible due the non-executable stack protection.

Anyway, could you allocate a CVE identifier?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ