Vulnerability Details CVE-2019-14275
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.7%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
- https://sourceforge.net/p/mcj/tickets/52/
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
- https://sourceforge.net/p/mcj/tickets/52/
Products affected by CVE-2019-14275
-
cpe:2.3:a:xfig_project:fig2dev:3.2.7
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2