File _patchinfo of Package patchinfo.8598

<patchinfo incident="8598">
  <issue tracker="bnc" id="1106531">VUL-1: CVE-2018-16140: transfig: A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.</issue>
  <issue tracker="bnc" id="1143650">VUL-1: CVE-2019-14275: transfig,xfig: stack-based buffer overflow in the calc_arrow function in bound.c</issue>
  <issue tracker="cve" id="2019-14275"/>
  <issue tracker="cve" id="2018-16140"/>
  <category>security</category>
  <rating>low</rating>
  <packager>WernerFink</packager>
  <description>This update for transfig fixes the following issues:

Security issues fixed:

- CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650).
- CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in
  read.c, which allowed an attacker to write prior to the beginning of the
  buffer via a specially crafted .fig file (bsc#1106531).
</description>
  <summary>Security update for transfig</summary>
</patchinfo>