CVE-2024-43700
Publication date 29 August 2024
Last updated 26 August 2025
Ubuntu priority
Description
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xfpt | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Fixed 1.00-2ubuntu0.24.04.1
|
|
| 22.04 LTS jammy |
Fixed 0.11-1ubuntu0.1
|
|
| 20.04 LTS focal | Ignored end of standard support, was needs-triage | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.0 · High
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7192-1
- xfpt vulnerability
- 9 January 2025