suse · CVE-2017-16899

Quick triage

Priority: medium Published: 2021-05-30 14:04:22 UTC Updated: 2025-03-25 00:43:58 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-16899 severity moderate: SUSE including 9 source package names (transfig, transfig-3.2.5-160.3.2, …), 26 product×package rows across 25 product lines (SUSE Linux Enterprise Desktop 12 SP2, SUSE Linux Enterprise Desktop 12 SP3, … (25 product lines)): Fixed 22, Known Not Affected 4.

Description:

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

cvelogic Threat Intelligence