make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. Reference: https://sourceforge.net/p/mcj/tickets/57/ Upstream commit: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
Created xfig tracking bugs for this issue: Affects: epel-7 [bug 1787042] Affects: fedora-all [bug 1787041]
fig2dev is part of transfig, not xfig. I've update the Fedora tracking bug accordingly, EPEL does not appear to have transfig, so I believe that the EPEL tracking bug can be closed, but I'm leaving that up to you. I'm also leaving any necessary updates to this bug (Summary?) up to you.
Thank you for this information. I fixed the names for this bug and closed the EPEL as notabug, I will update the other bugs as well.