CVE-2018-16140

Опубликовано: 30 авг. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

Ссылки

https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
https://sourceforge.net/p/mcj/tickets/28/
Third Party Advisory
https://usn.ubuntu.com/3760-1/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
https://sourceforge.net/p/mcj/tickets/28/
Third Party Advisory
https://usn.ubuntu.com/3760-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Конфигурация 2

cpe:2.3:a:fig2dev_project:fig2dev:3.2.7a:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00322

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-16140

CVSS3: 7.8

ubuntu

больше 7 лет назад

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

CVE-2018-16140

CVSS3: 3.3

redhat

больше 7 лет назад

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

CVE-2018-16140

CVSS3: 7.8

debian

больше 7 лет назад

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...

openSUSE-SU-2019:1455-1

suse-cvrf

больше 6 лет назад

Security update for transfig

SUSE-SU-2019:1291-1

suse-cvrf

больше 6 лет назад

Security update for transfig

EPSS

Процентиль: 55%

0.00322

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787