Bug 1204921 - (CVE-2021-40241) VUL-0: CVE-2021-40241: xfig: Potential Buffer Overflow vulnerability in src/w_help.c
VUL-0: CVE-2021-40241: xfig: Potential Buffer Overflow vulnerability in src/w...
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: X11 Applications
Leap 15.4
Other Other
: P3 - Medium : Normal (vote)
: Leap 15.4
Assigned To: Security Team bot
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2022-11-01 09:03 UTC by Stoyan Manolov
Modified: 2022-11-14 12:33 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Dr. Werner Fink 2022-11-02 07:18:42 UTC
(In reply to Stoyan Manolov from comment #0)
> CVE-2021-40241
> xfig 3.2.7 is vulnerable to Buffer Overflow.
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40241
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395
> https://www.cve.org/CVERecord?id=CVE-2021-40241

Ah ... but what is about xfig 3.2.8a

 rpm -qi xfig
 Name        : xfig
 Version     : 3.2.8a
 Release     : bp154.1.24
 Architecture: x86_64
 Install Date: Thu Jun  2 14:19:34 2022
 Group       : Productivity/Graphics/Vector Editors
 Size        : 15141373
 License     : MIT
 Signature   : RSA/SHA256, Mon May  9 11:02:45 2022, Key ID 9c214d4065176565
 Source RPM  : xfig-3.2.8a-bp154.1.24.src.rpm
 Build Date  : Mon May  9 11:02:15 2022
 Build Host  : cloud104
 Relocations : (not relocatable)
 Packager    : https://bugs.opensuse.org
 Vendor      : openSUSE
 URL         : https://sourceforge.net/projects/mcj/
 Summary     : Facility for Interactive Generation of Figures under the X Window System
 Description :
 Xfig is a menu-driven tool that allows the user to draw and manipulate
 objects interactively in an X Window System window.  The resulting
 pictures can be saved, printed on PostScript printers, or converted to
 a variety of other formats (to allow inclusion in LaTeX documents, for
 Distribution: SUSE Linux Enterprise 15 SP4

... from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395 I see

 Fixed in version xfig/1:3.2.8a-1