A stack-based buffer overflow flaw was found in
the way Xfig processed certain FIG images. A remote
attacker could create a FIG image with a specially crafted
color definition and trick a local, unsuspecting
user into opening it, which could lead to an xfig executable
crash or, potentially, arbitrary code execution with
the privileges of the user running the executable.
The Red Hat bug at $URL also contains a patch.
Thank you for the report, Tim. I've applied the patch in 3.2.5b-r1. Arch teams, please stabilize, together with transfig-3.2.5d (xfig depends on transfig and thus it's a good idea to stabilize them together).
media-gfx/transfig-3.2.5d: alpha amd64 ia64 ppc64 sparc x86 hppa ppc
media-gfx/xfig-3.2.5b-r1: alpha amd64 hppa ppc ppc64 sparc x86
amd64 stable. Thank you Agostino.
Stable on alpha.
Stable for HPPA.
GLSA Vote: Yes.
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a FIG image with a crafted color definition.
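As an added illustration of the bug class described above (not Xfig's code, and not the patch referenced in the thread), the following hypothetical parser handles a FIG colour pseudo-object line of the form "0 <colour number> #rrggbb". The comment inside shows the unbounded pattern that turns an over-long colour token into a stack write; the function itself bounds the copy and rejects malformed input. The colour-number range 32..543 is assumed from the FIG 3.2 format description and is not stated on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed colour definition: FIG user colour number and 24-bit RGB value. */
struct fig_color {
    int number;
    unsigned int rgb;
};

/*
 * Hypothetical hardened parser for one colour-definition line.
 * Returns 0 on success, -1 if the line is rejected.
 *
 * The unsafe shape of this routine is a plain "%s" conversion into a
 * fixed stack buffer:
 *
 *     char hex[8];
 *     sscanf(line, "%*d %d %s", &number, hex);   // no length bound
 *
 * A colour token longer than 7 characters then overruns hex[] on the
 * stack, which is exactly the defect class this bug report describes.
 */
int parse_fig_color(const char *line, struct fig_color *out)
{
    char hex[8];                 /* "#rrggbb" plus terminating NUL */
    int object = 0, number = 0, consumed = 0;

    /* %7s bounds the copy to 7 bytes; %n records how far we parsed. */
    if (sscanf(line, "%d %d %7s%n", &object, &number, hex, &consumed) != 3)
        return -1;

    /* Object code 0 is the colour pseudo-object in FIG 3.2 (assumed). */
    if (object != 0)
        return -1;

    /* User-defined colours occupy 32..543 in FIG 3.2 (assumed range). */
    if (number < 32 || number > 543)
        return -1;

    /* Anything but whitespace after the token means it was truncated
     * by %7s or the line carries trailing garbage: reject rather than
     * silently accept a partially read value. */
    for (const char *p = line + consumed; *p != '\0'; p++)
        if (!isspace((unsigned char)*p))
            return -1;

    /* Strict "#rrggbb" shape check. */
    if (strlen(hex) != 7 || hex[0] != '#')
        return -1;
    for (int i = 1; i < 7; i++)
        if (!isxdigit((unsigned char)hex[i]))
            return -1;

    out->number = number;
    out->rgb = (unsigned int)strtoul(hex + 1, NULL, 16);
    return 0;
}

int main(void)
{
    /* Constructed sample lines: one valid, the rest malformed. */
    const char *samples[] = {
        "0 32 #ff0000\n",
        "0 33 #aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n",
        "0 32 #gg0000\n",
        "0 7 #000000\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct fig_color c;
        if (parse_fig_color(samples[i], &c) == 0)
            printf("ok: colour %d = #%06x\n", c.number, c.rgb);
        else
            printf("rejected: %s", samples[i]);
    }
    return 0;
}
```

The key defensive moves are the width-limited conversion and the trailing-input check: without the latter, "%7s" alone would quietly accept the first seven characters of an over-long token and treat the line as valid.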
Vote: yes, GLSA request filed.
This issue was resolved and addressed in
GLSA 201312-16 at http://security.gentoo.org/glsa/glsa-201312-16.xml
by GLSA coordinator Sergey Popov (pinkbyte).