Bug 1786726 (CVE-2019-19797) - CVE-2019-19797 transfig: out-of-bounds write in read_colordef in read.c
Summary: CVE-2019-19797 transfig: out-of-bounds write in read_colordef in read.c
Status: NEW
Alias: CVE-2019-19797
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1786727 1786728 1826923 1826924
Blocks: 1786731
Reported: 2019-12-27 14:29 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 20:49 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in transfig in the way the `fig2dev` program handles Fig format files. Specifically, the flaw affects the translation of Fig codes into the box graphics language. An attacker could crash the `fig2dev` program by tricking it into processing a specially crafted Fig format file.
Clone Of:
Last Closed:


Description Guilherme de Almeida Suckevicz 2019-12-27 14:29:36 UTC
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.


Comment 1 Guilherme de Almeida Suckevicz 2019-12-27 14:30:28 UTC
Created xfig tracking bugs for this issue:

Affects: epel-7 [bug 1786728]
Affects: fedora-all [bug 1786727]

Comment 2 Hans de Goede 2020-01-15 19:48:35 UTC
fig2dev is part of transfig, not xfig.

I've updated the Fedora tracking bug accordingly. EPEL does not appear to have transfig, so I believe that the EPEL tracking bug can be closed, but I'm leaving that up to you.

I'm also leaving any necessary updates to this bug (Summary?) up to you.

Comment 3 Guilherme de Almeida Suckevicz 2020-01-16 15:05:30 UTC
Thank you for your information.

Comment 4 Mauro Matteo Cascella 2020-04-20 15:17:41 UTC
Upstream fix:

Comment 8 Mauro Matteo Cascella 2020-04-22 13:46:51 UTC

Avoid loading and processing Fig format files from untrusted external sources.

Comment 10 Mauro Matteo Cascella 2020-05-26 15:14:10 UTC
There is no fixed upstream version yet. This issue affects the latest upstream version, 3.2.7; a new version with the fixes (comment #4) has not been released yet.
