Base Score

MEDIUM5.5

CVE-2019-14275

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

VectorLOCAL

Published Bycve@mitre.org

Published DateJul 26, 2019, 04:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
https://sourceforge.net/p/mcj/tickets/52/

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH