Description
A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
A double-free vulnerability was found in fig2dev in the free_stream() function of 'readpics.c'. This issue occurs due to freeing the memory for long file names. This flaw allows an attacker to pass a crafted file to fig2dev, causing a double-free fault that can lead to a denial of service.
Report
Red Hat Enterprise Linux is not affected by this vulnerability: Red Hat ships fig2dev v3.2.7b and earlier versions, whereas the flaw affects fig2dev v3.2.8a and later versions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | transfig | Not affected | | |
| Red Hat Enterprise Linux 7 | transfig | Not affected | | |
| Red Hat Enterprise Linux 8 | transfig | Not affected | | |
| Red Hat Enterprise Linux 9 | transfig | Not affected | | |
Additional information
Status:
5.5 Medium (CVSS3)
Related vulnerabilities
A vulnerability in the free_stream function of fig2dev, a utility for converting files with the .fig extension, caused by a double free of memory, which allows an attacker to cause a denial of service
5.5 Medium (CVSS3)