oss-sec mailing list archives

CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 03 Dec 2010 14:07:21 +0100

Hello Josh, Steve, vendors,

  the Team of Underground Stockholm researchers reported:
  [1] https://bugzilla.redhat.com/show_bug.cgi?id=657981

  i.e:

  A stack-based buffer overflow flaw was found in
  the way Xfig processed certain FIG images. A remote
  attacker could create a FIG image with specially-crafted
  color definition, and trick the local, unsuspecting
  user into opening it, which could lead to xfig executable
  crash or, potentially, arbitrary code execution with
  the privileges of the user running the executable.

  Public PoC:
  [2] https://bugzilla.redhat.com/attachment.cgi?id=463393

  Flaw severity note:
  On systems with compile time buffer checks (FORTIFY_SOURCE)
  feature enabled, the impact of this flaw is mitigated to
  be only crash.

Could you allocate CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition Jan Lieskovsky (Dec 03)
- Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition Josh Bressers (Dec 06)