CVE-2009-4227
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2009-4227
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-4227.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2009-4227
- Related
- Published
- 2009-12-08T18:30:00Z
- Modified
- 2025-04-09T00:30:58Z
- Downstream
- Summary
- [none]
- Details
-
Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.
- References
-
- http://secunia.com/advisories/37571
- http://secunia.com/advisories/37577
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:010
- http://www.vupen.com/english/advisories/2011/0108
- http://www.securityfocus.com/bid/37193
- https://bugzilla.redhat.com/show_bug.cgi?id=543905
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274
- http://www.openwall.com/lists/oss-security/2009/12/03/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54525
- https://security-tracker.debian.org/tracker/CVE-2009-4227
Affected packages
Debian:11 / xfig
Package
- Name
- xfig
- Purl
- pkg:deb/debian/xfig?arch=source
Debian:12 / xfig
Package
- Name
- xfig
- Purl
- pkg:deb/debian/xfig?arch=source
Debian:13 / xfig
Package
- Name
- xfig
- Purl
- pkg:deb/debian/xfig?arch=source