The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
vulnerability bulletin CVE-2009-1962
Xfig: file corruptions
Synthesis of the vulnerability
A local attacker can use symbolic links to corrupt files with the privileges of the user running Xfig.
Severity: 1/4.
Creation date: 01/04/2009.
Impacted products
Description of the vulnerability
The Xfig program is used to draw.
It uses several temporary files in an insecure manner:
- xfig-eps$$ in f_readeps.c
- xfig-pic$$.pix in f_readeps.c
- xfig-pic$$.err in f_readeps.c
- xfig-pcx$$.pix in f_readgif.c
- xfig-pcx$$.pix in f_readppm.c
- xfig-pcx$$.pix in f_readtif.c
- xfig-xfigrc$$ in f_util.c
- xfig$$ in main.c
- xfig-print$$ in u_print.c
- xfig-export$$.err in u_print.c
- xfig-exp$$ in w_print.c
- xfig-spell.$$ in w_srchrepl.c
A local attacker can use symbolic links to corrupt files with the privileges of the user running Xfig.
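The fix for this class of bug is to stop deriving the temporary file name from the process ID. The following is an added example, not Xfig's code or its patch: it assumes `$$` in the names above stands for the process ID, uses a private scratch directory in place of the shared temporary directory, and all function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef FILE *(*opener_fn)(const char *dir, char *path, size_t len);

/* Pattern from the bulletin: the name depends only on the PID, and fopen("w")
 * follows a link already present at that name, truncating its target. */
FILE *open_predictable(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/xfig-eps%d", dir, (int)getpid());
    return fopen(path, "w");
}

/* Hardened form: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL, mode 0600, so an existing file or link is never reused. */
FILE *open_hardened(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/xfig-epsXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (!fp) { close(fd); unlink(path); }
    return fp;
}

/* Regression check (constructed input): a link to "victim" already occupies
 * the predictable name. Returns victim size: 9 intact, 0 truncated, -1 error. */
long victim_size_after(opener_fn opener) {
    char dir[] = "/tmp/xfig-demoXXXXXX", victim[64], lnk[64], used[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/xfig-eps%d", dir, (int)getpid());
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("important", v); fclose(v);
    if (symlink("victim", lnk) != 0) return -1;
    FILE *fp = opener(dir, used, sizeof used);
    if (fp) fclose(fp);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(used); unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable: %ld bytes left, hardened: %ld bytes left\n",
           victim_size_after(open_predictable), victim_size_after(open_hardened));
    return 0;
}
```

The same check can serve as a regression test for each of the call sites listed above once they are converted to `mkstemp()`.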
Complete Vigil@nce bulletin
Characteristics
Title: Xfig: file corruptions.
Keywords: Xfig corruptions f_readeps f_readgif f_readppm f_readtif f_util file u_print w_print w_srchrepl.
Identifiers: BID-34328, CVE-2009-1962, MDVSA-2009:244, MDVSA-2009:244-1, VIGILANCE-VUL-8588.
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.