Source: fig2dev
Version: 1:3.2.7a-2
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/mcj/tickets/28/

Hi,

The following vulnerability was published for fig2dev.

CVE-2018-16140[0]:
| A buffer underwrite vulnerability in get_line() (read.c) in fig2dev
| 3.2.7a allows an attacker to write prior to the beginning of the buffer
| via a crafted .fig file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16140
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16140
[1] https://sourceforge.net/p/mcj/tickets/28/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore