CVE-2017-16899

EPSS 0.43%
Published 20.11.2017 18:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Xfig Project ≫ Xfig Version3.2.6a

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.614

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-16899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16899

EUVD