Vulnerable software:
  cpe:/a:xfig:xfig:3.2.5
  cpe:/a:xfig:xfig:3.2.5b

CVE ID: CVE-2009-4227
Published: 2009-12-08T13:30:00.313-05:00
Last modified: 2017-08-16T21:31:29.850-04:00

CVSS base metrics:
  Score: 6.8
  Access vector: NETWORK
  Access complexity: MEDIUM
  Authentication: NONE
  Confidentiality impact: PARTIAL
  Integrity impact: PARTIAL
  Availability impact: PARTIAL
  Source: http://nvd.nist.gov
  Generated on: 2009-12-09T09:57:00.000-05:00

References:
  BID 37193
  SECUNIA 37571
  SECUNIA 37577
  VUPEN ADV-2011-0108
  MANDRIVA MDVSA-2011:010
  MLIST [oss-security] 20091203 CVE Request -- xfig
  CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274
  CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=543905
  XF xfig-read13textobject-bo(54525)

Summary: Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.