CVE-2023-45920 - Vulnerability Details - OpenCVE

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:xfig_project:xfig:3.2.8:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Xfig Project Subscribe	Xfig Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html
http://seclists.org/fulldisclosure/2024/Jan/48
https://sourceforge.net/p/mcj/tickets/155/

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html

Fri, 10 Oct 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Xfig Project Xfig Project xfig
CPEs		cpe:2.3:a:xfig_project:xfig:3.2.8:::::::*
Vendors & Products		Xfig Project Xfig Project xfig

Thu, 21 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics		cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-27T00:00:00.000Z

Updated: 2025-11-04T18:17:59.554Z

Reserved: 2023-10-16T00:00:00.000Z

Link: CVE-2023-45920

Vulnrichment

Updated: 2025-11-04T18:17:59.554Z

NVD

Status : Modified

Published: 2024-03-27T05:15:47.140

Modified: 2025-11-04T19:16:02.020

Link: CVE-2023-45920

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-45920", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T18:17:59.554Z", "dateReserved": "2023-10-16T00:00:00.000Z", "datePublished": "2024-03-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T04:20:20.015Z"}, "descriptions": [{"lang": "en", "value": "Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sourceforge.net/p/mcj/tickets/155/"}, {"name": "20240126 Null pointer deference in XGetWMHints() of Xfig", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2024/Jan/48"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T18:05:49.101452Z", "id": "CVE-2023-45920", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T14:54:37.866Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://sourceforge.net/p/mcj/tickets/155/", "tags": ["x_transferred"]}, {"name": "20240126 Null pointer deference in XGetWMHints() of Xfig", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2024/Jan/48"}, {"url": "http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:17:59.554Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sourceforge.net/p/mcj/tickets/155/", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/48", "name": "20240126 Null pointer deference in XGetWMHints() of Xfig", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:17:59.554Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-45920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T18:05:49.101452Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:05:55.009Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://sourceforge.net/p/mcj/tickets/155/"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/48", "name": "20240126 Null pointer deference in XGetWMHints() of Xfig", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T04:20:20.015Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45920", "state": "PUBLISHED", "dateUpdated": "2025-11-04T18:17:59.554Z", "dateReserved": "2023-10-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xfig_project:xfig:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BE24C4D8-277A-4063-A604-CAE010F13972", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager."}, {"lang": "es", "value": "Se descubri\u00f3 que Xfig v3.2.8 conten\u00eda una desreferencia de puntero NULL al llamar a XGetWMHints(). NOTA: esto est\u00e1 en disputa porque no se espera que una aplicaci\u00f3n X contin\u00fae ejecut\u00e1ndose cuando hay un comportamiento an\u00f3malo arbitrario del servidor X o del administrador de ventanas."}], "id": "CVE-2023-45920", "lastModified": "2025-11-04T19:16:02.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-27T05:15:47.140", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/48"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://sourceforge.net/p/mcj/tickets/155/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jan/48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://sourceforge.net/p/mcj/tickets/155/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}