CVE-2017-16899 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-513	xfig	3.2.6-2	3.2.7-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
19 Apr 2018	ASA-201804-9	AVG-513	xfig	Medium	information disclosure

References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143