Buffer Underwrite Vulnerability in Fig2dev Affects Multiple Platforms
CVE-2018-16140

7.8HIGH

Key Information:

Vendor
Canonical
Status
Ubuntu Linux
Vendor
CVE Published:
30 August 2018

Summary

A buffer underwrite vulnerability has been identified in Fig2dev 3.2.7a that may enable an attacker to write data prior to the start of the buffer, potentially leading to arbitrary code execution or data corruption through a specially crafted .fig file. This flaw can pose significant risks for affected systems by allowing attackers to manipulate memory in ways that can bypass security protections. System administrators are urged to apply recommended patches and security updates to mitigate this threat.

References

https://sourceforge.net/p/mcj/tickets/28/
x_refsource_MISC
https://usn.ubuntu.com/3760-1/
vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2020/01/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.