Debian 9902 Published by

A xfig security update has been released for Debian GNU/Linux 10 LTS to address a security issue.

DLA 3353-1: xfig security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3353-1 Anton Gladky
March 05, 2023
- -------------------------------------------------------------------------

Package : xfig
Version : 1:3.2.7a-3+deb10u1
CVE ID : CVE-2021-40241
Debian Bug : 992395

A security issue has been discovered in xfig, a diagramming tool for the
interactive generation of figures under X11.

A potential buffer overflow exists in the file src/w_help.c at line 55.
Specifically, the length of the string returned by getenv("LANG") may become
very long and cause a buffer overflow while executing the sprintf() function.
This vulnerability could potentially allow an attacker to execute arbitrary
code or cause a denial-of-service condition.

For Debian 10 buster, this problem has been fixed in version

We recommend that you upgrade your xfig packages.

For the detailed security status of xfig please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: