Bug 1515695 (CVE-2017-16899)
| Summary: | CVE-2017-16899 transfig: Array index error in the fig2dev program | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | databases-maint, dkholia, hhorak, jmlich83, kasal, mschorm, tomm.momi, trepik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
An out-of-bounds read flaw was found in the way fig2dev program in Xfig handled the processing of Fig format files. This flaw could potentially be used to crash the fig2dev program by tricking it into processing specially crafted Fig format files.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-28 08:28:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1515696, 1515697 | ||
| Bug Blocks: | 1516207 | ||
|
Description
Andrej Nemec
2017-11-21 09:06:34 UTC
Created xfig tracking bugs for this issue: Affects: epel-7 [bug 1515696] Affects: fedora-all [bug 1515697] |