DEBIAN-CVE-2009-4228

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2009-4228

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-4228.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2009-4228

Upstream

CVE-2009-4228

Published

2009-12-08T18:30:00.327Z

Modified

2026-04-28T20:11:17.239911Z

Summary

[none]

Details

Stack consumption vulnerability in ubound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfpfig function in f_read.c.

References

https://security-tracker.debian.org/tracker/CVE-2009-4228

Affected packages

Debian:11 / xfig

Package

Name: xfig
Purl: pkg:deb/debian/xfig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.2.8-3

1:3.2.8-3+deb11u1

1:3.2.8a-1

1:3.2.8b-1

1:3.2.8b-2

1:3.2.9-1

1:3.2.9-2

1:3.2.9-3

1:3.2.9-4

1:3.2.9a-1

1:3.2.9a-2

1:3.2.9a-3

1:3.2.9a-4

1:3.2.9a-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-4228.json"

Debian:12 / xfig

Package

Name: xfig
Purl: pkg:deb/debian/xfig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.2.8b-2

1:3.2.9-1

1:3.2.9-2

1:3.2.9-3

1:3.2.9-4

1:3.2.9a-1

1:3.2.9a-2

1:3.2.9a-3

1:3.2.9a-4

1:3.2.9a-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-4228.json"

Debian:13 / xfig

Package

Name: xfig
Purl: pkg:deb/debian/xfig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.2.9a-3

1:3.2.9a-4

1:3.2.9a-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-4228.json"

Debian:14 / xfig

Package

Name: xfig
Purl: pkg:deb/debian/xfig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.2.9a-3

1:3.2.9a-4

1:3.2.9a-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-4228.json"