read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
Created xfig tracking bugs for this issue:
Affects: epel-7 [bug 1786728]
Affects: fedora-all [bug 1786727]
fig2dev is part of transfig, not xfig.
I've update the Fedora tracking bug accordingly, EPEL does not appear to have transfig, so I believe that the EPEL tracking bug can be closed, but I'm leaving that up to you.
I'm also leaving any necessary updates to this bug (Summary?) up to you.
Thank you for your information.
Avoid loading and processing Fig format files from untrusted external sources.
There is no fixed upstream version yet. This issue affects latest upstream version 3.2.7, new version with fixes (comment #4) has not been released yet.