From $URL: A stack-based buffer overflow flaw was found in the way Xfig processed certain FIG images. A remote attacker could create a FIG image with a specially-crafted color definition and trick a local, unsuspecting user into opening it, which could lead to the xfig executable crashing or, potentially, arbitrary code execution with the privileges of the user running the executable. The Red Hat bug at $URL also contains a patch.
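The bug class described in the report above, as an added illustration that is not xfig's code and not the patch from the Red Hat bug: a hypothetical parser for a FIG 3.2 colour pseudo-object line (`0 <colornum> #rrggbb`, colour numbers 32..543) written two ways. The unsafe version scans the hex token with an unbounded `%s` into a fixed-size stack buffer, which is the general pattern behind a stack overflow from an over-long colour definition; the hardened version bounds the scan, validates the token length, hex digits and colour range, and rejects any bytes left over after the token. The function names, buffer sizes and sample lines are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* FIG 3.2 numbers user-defined colours 32..543; 0..31 are the standard ones. */
#define NUM_STD_COLS 32
#define MAX_USR_COLS 512
#define HEX_TOKEN_LEN 7 /* "#rrggbb" */

/*
 * Unsafe pattern (illustrative, not xfig's code): "%s" has no width, so a
 * colour line whose token is longer than 7 bytes writes past hex[] on the
 * stack. Never call this on untrusted input; it is here only to show the bug.
 */
int parse_colordef_unsafe(const char *line, int *cnum, unsigned long *rgb)
{
    char hex[HEX_TOKEN_LEN + 1];
    int type;

    if (sscanf(line, "%d %d %s", &type, cnum, hex) != 3 || type != 0)
        return -1;
    if (hex[0] != '#')
        return -1;
    *rgb = strtoul(hex + 1, NULL, 16);
    return 0;
}

/*
 * Hardened version: bounded scan, then explicit validation of everything the
 * format promises (exact token length, hex digits, colour range) and
 * rejection of any bytes left over after the token.
 */
int parse_colordef_safe(const char *line, int *cnum, unsigned long *rgb)
{
    char hex[HEX_TOKEN_LEN + 1];
    int type, consumed = 0, i;
    const char *rest;

    /* %7s stops after 7 bytes; %n records how far the scan got. */
    if (sscanf(line, "%d %d %7s%n", &type, cnum, hex, &consumed) != 3)
        return -1;
    if (type != 0)
        return -1;
    if (*cnum < NUM_STD_COLS || *cnum >= NUM_STD_COLS + MAX_USR_COLS)
        return -1;
    if (strlen(hex) != HEX_TOKEN_LEN || hex[0] != '#')
        return -1;
    for (i = 1; i < HEX_TOKEN_LEN; i++)
        if (!isxdigit((unsigned char)hex[i]))
            return -1;
    /* A token longer than 7 bytes was truncated by %7s: reject the remainder. */
    for (rest = line + consumed; *rest != '\0'; rest++)
        if (!isspace((unsigned char)*rest))
            return -1;
    *rgb = strtoul(hex + 1, NULL, 16);
    return 0;
}

/* Convenience wrappers: RGB value (or -1) and colour number (or -1) of a line. */
long colordef_rgb(const char *line)
{
    int cnum; unsigned long rgb;
    return parse_colordef_safe(line, &cnum, &rgb) == 0 ? (long)rgb : -1;
}

int colordef_number(const char *line)
{
    int cnum; unsigned long rgb;
    return parse_colordef_safe(line, &cnum, &rgb) == 0 ? cnum : -1;
}

int main(void)
{
    /* Constructed sample lines: one well-formed, one with an oversized token
       of the kind that overflows hex[] in the unsafe parser. */
    const char *good = "0 32 #ff0000";
    const char *crafted = "0 33 #00ff00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int cnum; unsigned long rgb;

    if (parse_colordef_unsafe(good, &cnum, &rgb) == 0)
        printf("unsafe parser, well-formed line: colour %d = #%06lx\n", cnum, rgb);
    printf("safe parser, well-formed line: %s\n",
           parse_colordef_safe(good, &cnum, &rgb) == 0 ? "accepted" : "rejected");
    printf("safe parser, crafted line: %s\n",
           parse_colordef_safe(crafted, &cnum, &rgb) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The point of the `%n` check is that a width on `%s` alone only truncates: the scan succeeds and the remainder of an over-long token is silently ignored, so the hardened parser additionally refuses any non-blank bytes after the token rather than treating a truncated definition as valid.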
Thank you for the report, Tim. I've applied the patch in 3.2.5b-r1. Arch teams, please stabilize, together with transfig-3.2.5d (xfig depends on transfig and thus it's a good idea to stabilize them together). Target keywords:
media-gfx/transfig-3.2.5d: alpha amd64 ia64 ppc64 sparc x86 hppa ppc
media-gfx/xfig-3.2.5b-r1: alpha amd64 hppa ppc ppc64 sparc x86
amd64 ok
amd64 stable. Thank you Agostino.
x86 stable
Stable on alpha.
ia64/sparc stable
Stable for HPPA.
ppc64 done
ppc done
Thanks, everyone. GLSA Vote: Yes.
CVE-2010-4262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4262): Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.
Vote: yes, GLSA request filed.
This issue was resolved and addressed in GLSA 201312-16 at http://security.gentoo.org/glsa/glsa-201312-16.xml by GLSA coordinator Sergey Popov (pinkbyte).