Bug 1106531 (CVE-2018-16140) - VUL-1: CVE-2018-16140: transfig: A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7aallows an attacker to write prior to the beginning of the buffer via a crafted.fig file.
Summary: VUL-1: CVE-2018-16140: transfig: A buffer underwrite vulnerability in get_lin...
Status: RESOLVED FIXED
Alias: CVE-2018-16140
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/213509/
Whiteboard: CVSSv3:SUSE:CVE-2018-16140:3.3:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-30 07:05 UTC by Marcus Meissner
Modified: 2024-05-08 11:32 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Buffer_underflow_POC.fig (108 bytes, application/x-cabri)
2018-08-30 07:09 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-08-30 07:05:47 UTC 
CVE-2018-16140

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a
allows an attacker to write prior to the beginning of the buffer via a crafted
.fig file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16140
https://sourceforge.net/p/mcj/tickets/28/
Comment 1 Marcus Meissner 2018-08-30 07:09:16 UTC 
Created attachment 781289 [details]
Buffer_underflow_POC.fig

QA REPRODUCER:

valgrind fig2dev -L jpeg Buffer_underflow_POC.fig 

(currently only reports Conditional jump on uninitialized variable, but does not report the underflow)
Comment 2 Dr. Werner Fink 2018-08-30 12:44:25 UTC 
SR#171289, SR#171290, SR#171291 on IBS and SR#632307 on OBS
Comment 4 Swamp Workflow Management 2018-08-30 13:20:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1106531) was mentioned in
https://build.opensuse.org/request/show/632307 Factory / transfig
Comment 5 Swamp Workflow Management 2019-05-20 13:12:13 UTC 
SUSE-SU-2019:1291-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1106531
CVE References: CVE-2018-16140
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    transfig-3.2.6a-4.3.51

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-05-27 22:16:53 UTC 
openSUSE-SU-2019:1455-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1106531
CVE References: CVE-2018-16140
Sources used:
openSUSE Leap 15.1 (src):    transfig-3.2.6a-lp151.4.3.1
openSUSE Leap 15.0 (src):    transfig-3.2.6a-lp150.3.3.2
Comment 8 Swamp Workflow Management 2020-06-04 13:15:10 UTC 
SUSE-SU-2020:14384-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1106531
CVE References: CVE-2018-16140
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    transfig-3.2.5-160.6.20

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-06-30 19:14:55 UTC 
SUSE-SU-2020:1806-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1106531,1143650
CVE References: CVE-2018-16140,CVE-2019-14275
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server 12-SP4 (src):    transfig-3.2.5e-2.8.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.