Latest fig2dev project fig2dev Vulnerabilities

CVE-2021-37530
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
Fig2dev Project Fig2dev<=3.2.8a
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2021-37529
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
Fig2dev Project Fig2dev<=3.2.8a
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2020-21676
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Fig2dev Project Fig2dev=3.2.7b
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2020-21684
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Fig2dev Project Fig2dev=3.2.7b
CVE-2020-21681
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Fig2dev Project Fig2dev=3.2.7b
CVE-2020-21683
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks f...
Fig2dev Project Fig2dev=3.2.7b
CVE-2020-21682
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Fig2dev Project Fig2dev=3.2.7b
CVE-2020-21675
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
Fig2dev Project Fig2dev=3.2.7b
Debian Debian Linux=9.0
CVE-2021-3561
A flaw was found in fig2dev version 3.2.8a. A global buffer overflow in fig2dev/read.c in function read_objects may lead to memory corruption and other potential consequences. Upstream bug: <a href=...
Fig2dev Project Fig2dev=3.2.8-a
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=9.0
CVE-2019-19746
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
Fig2dev Project Fig2dev=3.2.7b
Fedoraproject Fedora=31
Fedoraproject Fedora=32
CVE-2018-16140
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.
ubuntu/transfig<1:3.2.5.
ubuntu/transfig<1:3.2.5.
ubuntu/fig2dev<1:3.2.7
=14.04
=16.04
=3.2.7a
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203