CVE-2009-4228

Description

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

How to fix CVE-2009-4228

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/xfig—no fix listed

Is CVE-2009-4228 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-4228