First published: Tue Aug 10 2021
A global buffer overflow in the shade_or_tint_name_after_declare_color function in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pstricks format.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fig2dev Project Fig2dev | =3.2.7b | |
CVE-2020-21683 is a global buffer overflow vulnerability in the shade_or_tint_name_after_declare_color function in genpstricks.c of fig2dev 3.2.7b.
CVE-2020-21683 affects fig2dev 3.2.7b by allowing attackers to cause a denial of service (DoS) when converting an xfig file into pstricks format.
The severity of CVE-2020-21683 is medium, with a CVSS score of 5.5.
To fix CVE-2020-21683, users should update fig2dev to a version that is not affected, if available.
More information about CVE-2020-21683 can be found at the following reference: https://sourceforge.net/p/mcj/tickets/77/