Package name
xfig
Date
2011-01-15
Advisory ID
MDVSA-2011:010
Affected versions
2009.0 x86_64 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2010.1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in xfig:

Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
crash) via a long string in a malformed .fig file that uses the 1.3
file format, possibly related to the readfp_fig function in f_read.c
(CVE-2009-4228).

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a FIG image with a crafted color definition
(CVE-2010-4262).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 2d23d023c54c3e97e0785a4c132e6920  2009.0/x86_64/xfig-3.2.5-4.1mdv2009.0.x86_64.rpm 
 1939fb7dc9bea4407c6ef8fac24ed8cf  2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm

2010.0 x86_64

 41a861a853686f15faf79ac78d23f01b  2010.0/x86_64/xfig-3.2.5b-1.3mdv2010.0.x86_64.rpm 
 a5d6698dd7015208f7c2bdaa94eaded8  2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm

2010.1 i586

 6246b2d654ecc3208eb6a1484e656680  2010.1/i586/xfig-3.2.5b-3.1mdv2010.2.i586.rpm 
 1d0ca214e51934ffe9d52e7a4ed9b589  2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm

2010.0 i586

 fa216772dd4e5cce2646af8e3fdab037  2010.0/i586/xfig-3.2.5b-1.3mdv2010.0.i586.rpm 
 a5d6698dd7015208f7c2bdaa94eaded8  2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm

2009.0 i586

 e39602fc8ee985c8b9a53872593a0f81  2009.0/i586/xfig-3.2.5-4.1mdv2009.0.i586.rpm 
 1939fb7dc9bea4407c6ef8fac24ed8cf  2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm

CS4.0 i586

 66396295f199c85cdba5b7c83efd82c6  corporate/4.0/i586/xfig-3.2.5-0.4.20060mlcs4.i586.rpm 
 047a3ee6ff83f35c6c7a167f442af9b8  corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm

CS4.0 x86_64

 0089a3e8d5436d7ea3a72afad505a39b  corporate/4.0/x86_64/xfig-3.2.5-0.4.20060mlcs4.x86_64.rpm 
 047a3ee6ff83f35c6c7a167f442af9b8  corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm

2010.1 x86_64

 e967afae295de665073e0c9ef751e86d  2010.1/x86_64/xfig-3.2.5b-3.1mdv2010.2.x86_64.rpm 
 1d0ca214e51934ffe9d52e7a4ed9b589  2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm

References