Advisories » MGASA-2017-0469

Updated transfig package fix security vulnerability

Publication date: 25 Dec 2017
Modification date: 25 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-16899

Description

An out-of-bounds read flaw was found in the way fig2dev program in Xfig
handled the processing of Fig format files. This flaw could potentially
be used to crash the fig2dev program by tricking it into processing
specially crafted Fig format files (CVE-2017-16899).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22199
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCUENJQNHVYLROFSXJPDPPHHAYFYM3Z2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16899

SRPMS

5/core

• transfig-3.2.5d-8.1.mga5

6/core

• transfig-3.2.5d-9.1.mga6