Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 879017 (CVE-2021-40241)

Summary: <media-gfx/xfig-3.2.8b: buffer overflow vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-01 15:27:35 UTC 
CVE-2021-40241:

xfig 3.2.7 is vulnerable to Buffer Overflow.

The buffer overflow is only exploitable via an environment variable,
so I don't see how this is really impactful.
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-15 07:18:37 UTC 
The bug report indicates that this is fixed in 3.2.8a and we only have 3.2.8b in the repository right now.

GLSA vote: no.