MGASA-2023-0101

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0101.html

Import Source

https://advisories.mageia.org/MGASA-2023-0101.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0101

Related

CVE-2021-40241

Published

2023-03-18T22:16:28Z

Modified

2023-03-18T21:07:38Z

Summary

Updated xfig packages fix security vulnerability

Details

A potential buffer overflow exists in the file src/w_help.c at line 55. Specifically, the length of the string returned by getenv("LANG") may become very long and cause a buffer overflow while executing the sprintf() function. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2021-40241)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / xfig

Package

Name: xfig
Purl: pkg:rpm/mageia/xfig?arch=source&distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7b-1.1.mga8

Ecosystem specific

{
    "section": "core"
}