Bugzilla – Bug 1222057
VUL-0: CVE-2023-45920: xfig: NULL pointer dereference when calling XGetWMHints()
Last modified: 2024-04-19 09:09:34 UTC
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45920
https://www.cve.org/CVERecord?id=CVE-2023-45920
http://seclists.org/fulldisclosure/2024/Jan/48
https://sourceforge.net/p/mcj/tickets/155/
TW is already fixed ... SLE-15 has no xfig ... SLE-12 is submitted at SR#324955
SR had been accepted
SUSE-SU-2024:1196-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1222057
CVE References: CVE-2023-45920
Maintenance Incident: [SUSE:Maintenance:33150](https://smelt.suse.de/incident/33150/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): xfig-3.2.8a-4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.