CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16140

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
https://sourceforge.net/p/mcj/tickets/28/
https://usn.ubuntu.com/3760-1/
https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
https://sourceforge.net/p/mcj/tickets/28/
https://usn.ubuntu.com/3760-1/

Products affected by CVE-2018-16140

Fig2dev Project » Fig2dev » Version: 3.2.7a

cpe:2.3:a:fig2dev_project:fig2dev:3.2.7a
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16140

Products

Pricing

Contact Us