Aggregates CVE and security vulnerability intelligence across all xfig_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-45920 | Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager. | [email protected] | 4.2 | 0.01% | 2024-03-27 | 2025-11-04 |
| CVE-2021-40241 | xfig 3.2.7 is vulnerable to Buffer Overflow. | [email protected] | 9.8 | 0.40% | 2022-10-31 | 2025-05-07 |
| CVE-2021-32280 | An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. | [email protected] | 5.5 | 0.09% | 2021-09-20 | 2024-11-21 |
| CVE-2020-21535 | fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | [email protected] | 5.5 | 0.52% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21534 | fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. | [email protected] | 5.5 | 0.39% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21533 | fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | [email protected] | 5.5 | 0.39% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21532 | fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | [email protected] | 5.5 | 0.52% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21531 | fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | [email protected] | 5.5 | 0.52% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21530 | fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. | [email protected] | 5.5 | 0.40% | 2021-09-16 | 2024-11-21 |
| CVE-2020-21529 | fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | [email protected] | 5.5 | 0.51% | 2021-09-16 | 2024-11-21 |
| CVE-2019-19797 | read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | [email protected] | 5.5 | 0.46% | 2019-12-15 | 2024-11-21 |
| CVE-2019-19555 | read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | [email protected] | 5.5 | 0.27% | 2019-12-04 | 2024-11-21 |
| CVE-2019-14275 | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. | [email protected] | 5.5 | 0.50% | 2019-07-26 | 2024-11-21 |
| CVE-2017-16899 | An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. | [email protected] | 7.1 | 0.41% | 2017-11-20 | 2026-05-13 |