A stack-based buffer overflow flaw was found in the way Xfig processed certain FIG images. A remote attacker could create a FIG image with specially-crafted color definition, and trick the local, unsuspecting user into opening it, which could lead to xfig executable crash or, potentially, arbitrary code execution with the privileges of the user running the executable.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=657981

Public PoC:
[2] https://bugzilla.redhat.com/attachment.cgi?id=463393

Flaw severity note: On systems with compile time buffer checks (FORTIFY_SOURCE) feature enabled, the impact of this flaw is mitigated to be only a crash.

This issue affects the versions of the xfig package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

This issue affects the versions of the xfig package, as shipped with Fedora release of 13 and 14. Please schedule an update.
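The report describes the bug class (a fixed-size stack buffer filled from an attacker-controlled color definition) without showing code. The following is an added illustration written for this page, not xfig's own source or the attached patch: it assumes a FIG color pseudo-object line of the form `<number> #rrggbb`, and the buffer sizes, the color-table limit and the function names are constructed for the example. It contrasts the unbounded parse pattern with a bounded, validating parser that rejects overlong or malformed tokens instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed constants for this illustration (not xfig's values). */
#define HEX_COLOR_LEN   7      /* "#rrggbb" */
#define MAX_USER_COLORS 512    /* hypothetical size of the user color table */

struct fig_color {
    int  number;
    char hex[HEX_COLOR_LEN + 1];
};

/* Unsafe pattern, shown only for contrast and never called here:
 * "%s" carries no width, so a color token longer than 'clr' is written
 * past the end of the stack frame. This is the shape of flaw the report
 * describes; it is not a copy of xfig's code. */
int parse_color_unsafe(const char *fields, struct fig_color *out)
{
    char clr[HEX_COLOR_LEN + 1];
    if (sscanf(fields, "%d %s", &out->number, clr) != 2)
        return -1;
    memcpy(out->hex, clr, sizeof clr);
    return 0;
}

/* Hardened parser. 'fields' is the remainder of the line after the "0"
 * object code, e.g. "32 #ff8000". The scan width is one larger than the
 * longest legal token so an overlong token is detected by length rather
 * than silently truncated; the color number is range-checked against the
 * table; the token must be '#' followed by exactly six hex digits.
 * Returns 0 on success, -1 on rejection (output untouched on rejection). */
int parse_color_safe(const char *fields, struct fig_color *out)
{
    char clr[HEX_COLOR_LEN + 2];           /* 9 bytes: "%8s" + NUL */
    int  n = 0;

    if (sscanf(fields, "%d %8s", &n, clr) != 2)
        return -1;
    if (n < 0 || n >= MAX_USER_COLORS)
        return -1;
    if (strlen(clr) != HEX_COLOR_LEN || clr[0] != '#')
        return -1;
    for (int i = 1; i < HEX_COLOR_LEN; i++)
        if (!isxdigit((unsigned char)clr[i]))
            return -1;

    out->number = n;
    memcpy(out->hex, clr, HEX_COLOR_LEN + 1);
    return 0;
}

/* Small wrappers so the outcome of a single line is a plain return value. */
int color_line_accepted(const char *fields)
{
    struct fig_color c;
    return parse_color_safe(fields, &c) == 0;
}

int accepted_color_number(const char *fields)
{
    struct fig_color c;
    return parse_color_safe(fields, &c) == 0 ? c.number : -1;
}

int main(void)
{
    /* Constructed sample lines: one valid, one overlong token, one out of
     * range, one with a non-hex digit. */
    const char *samples[] = {
        "32 #ff8000",
        "33 #ffffffffffffffffffffffffffffffffffffffff",
        "600 #000000",
        "34 #12345g",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-48s -> %s\n", samples[i],
               color_line_accepted(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The point of the width-plus-length check is that a bounded `%8s` alone would still accept a silently truncated token; requiring the scanned length to equal the legal length turns an overlong definition into a parse error, which is the behaviour a reader of untrusted FIG files wants regardless of whether FORTIFY_SOURCE is available to convert an overflow into a crash.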
Created attachment 464564: Local copy of the public PoC from [2]
CVE Request: [3] http://www.openwall.com/lists/oss-security/2010/12/03/2
Statement: (none)
Created attachment 464628: Patch fixing this.

Hi All,

Here is a patch which was sent to me by the suse xfig maintainer "Dr. Werner Fink" <werner> with whom I've worked together on various other xfig bugs. I've reviewed and tested this and I can confirm it fixes the bug. I'm going to prepare a Fedora xfig update for this, with this patch.

Regards,

Hans
This has been assigned CVE-2010-4262.
*** Bug 657981 has been marked as a duplicate of this bug. ***