[ASA-201804-9] xfig: information disclosure
Arch Linux Security Advisory ASA-201804-9
=========================================

Severity: Medium
Date    : 2018-04-19
CVE-ID  : CVE-2017-16899
Package : xfig
Type    : information disclosure
Remote  : Yes
Link    :

Summary
=======

The package xfig before version 3.2.7-1 is vulnerable to information disclosure.

Resolution
==========

Upgrade to 3.2.7-1.

# pacman -Syu "xfig>=3.2.7-1"

The problem has been fixed upstream in version 3.2.7.

Workaround
==========

None.

Description
===========

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial of service or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c and the read_textobject functions in read.c and read1_3.c.

Impact
======

A remote attacker is able to crash the application or possibly disclose sensitive information on the affected host.

References
==========
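As an added illustration of the defect class named in the description (this is example code, not fig2dev's own), the C parser below reads one Fig 3.2 text-object line and rejects a font field that could not safely index a font table; the table size NUM_FONTS, the struct layout, and the mapping of the Fig "-1 = default font" value to index 0 are assumptions for this example.

```c
#include <stdio.h>

/* Assumed font-table size for this example; fig2dev's real tables differ. */
#define NUM_FONTS 35

/* Fields of a Fig 3.2 text object (object code 4), in file order. */
struct fig_text {
    int sub_type, color, depth, pen_style, font, font_size;
    float angle;
    int font_flags;
    float height, length;
    int x, y;
};

/* Parse one text-object line into *t.
 * Returns 0 on success, -1 if the line is malformed or the font field cannot
 * be used as an index into a table of NUM_FONTS entries. Fig files use -1 for
 * "default font"; this example maps that to index 0 (an assumption).
 * A reader that used t->font as an array index without the range check would
 * read outside the table for negative or oversized values, which is the class
 * of defect the advisory describes. */
int parse_fig_text(const char *line, struct fig_text *t)
{
    int obj;
    int n = sscanf(line, "%d %d %d %d %d %d %d %f %d %f %f %d %d",
                   &obj, &t->sub_type, &t->color, &t->depth, &t->pen_style,
                   &t->font, &t->font_size, &t->angle, &t->font_flags,
                   &t->height, &t->length, &t->x, &t->y);
    if (n != 13 || obj != 4)
        return -1;                      /* not a complete text object */
    if (t->font == -1)
        t->font = 0;                    /* default font */
    if (t->font < 0 || t->font >= NUM_FONTS)
        return -1;                      /* would index outside the table */
    return 0;
}

int main(void)
{
    /* Constructed sample lines: a well-formed object and one with a bad font. */
    const char *ok  = "4 0 0 50 -1 0 12 0.0000 4 135 405 1200 1200 Hello\\001";
    const char *bad = "4 0 0 50 -1 -7 12 0.0000 4 135 405 1200 1200 Hello\\001";
    struct fig_text t;
    printf("ok:  %d\n", parse_fig_text(ok, &t));   /* 0 */
    printf("bad: %d\n", parse_fig_text(bad, &t));  /* -1 */
    return 0;
}
```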