Package: xfig
Version: xfig
Severity: important

Dear Maintainer,

It seems that there exists a potential Buffer Overflow.

(src/w_help.c:55)
    sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));

The length of getenv("LANG") may become very long and cause Buffer Overflow while executing sprintf(...).

-- System Information:
Debian Release: 11.0
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-19041-Microsoft
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages xfig depends on:
pn  fig2dev | transfig  <none>
ii  libc6               2.31-13
ii  libjpeg62-turbo     1:1.5.2-2+deb10u1
ii  libpng16-16         1.6.36-6
ii  libx11-6            2:1.6.7-1+deb10u2
ii  libxi6              2:1.7.9-1
pn  libxpm4             <none>
ii  libxt6              1:1.1.5-1+b3
ii  sensible-utils      0.0.14
pn  xaw3dg              <none>

Versions of packages xfig recommends:
pn  xfig-libs  <none>

Versions of packages xfig suggests:
pn  cups-client | lpr  <none>
pn  ghostscript        <none>
pn  gimp               <none>
pn  gsfonts-x11        <none>
pn  netpbm             <none>
pn  spell              <none>
pn  xfig-doc           <none>
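
Added example, not part of the original report or of xfig's code: one way to build the help path so that an unset, overlong or malformed LANG cannot overflow the buffer. The function names, DOCDIR_EXAMPLE, the 64-byte buffer and the 64-character limit on LANG are assumptions; the report gives neither the value of XFIGDOCDIR nor the size of filename.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholder: the report does not give the value of XFIGDOCDIR. */
#define DOCDIR_EXAMPLE "/usr/share/doc/xfig"

/* Accept only names shaped like a locale (en_US.UTF-8, sr_RS@latin): a leading
 * letter, then alphanumerics and "_.@-". This rejects '/' and a bare "..". */
static int lang_is_sane(const char *lang)
{
    size_t i, n;
    if (lang == NULL || !isalpha((unsigned char)lang[0]))
        return 0;                  /* getenv() returns NULL when unset */
    n = strlen(lang);
    if (n > 64)                    /* upper bound chosen for this example */
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)lang[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '@' && c != '-')
            return 0;
    }
    return 1;
}

/* Returns 0 and fills out on success; -1 if LANG is unusable or the path
 * would not fit. Never writes more than outsz bytes. */
int build_help_path(char *out, size_t outsz, const char *docdir, const char *lang)
{
    int n;
    if (out == NULL || outsz == 0 || docdir == NULL || !lang_is_sane(lang))
        return -1;
    n = snprintf(out, outsz, "%s/html/%s/index.html", docdir, lang);
    if (n < 0 || (size_t)n >= outsz) {   /* n is the untruncated length */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char filename[64];             /* size is an assumption */
    if (build_help_path(filename, sizeof filename, DOCDIR_EXAMPLE, getenv("LANG")) == 0)
        puts(filename);
    else
        puts("LANG rejected; use the default help page");
    return 0;
}
```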