CVE-2021-3561: Buffer Overflow
First published: Fri Apr 30 2021(Updated: )
A flaw was found in fig2dev version 3.2.8a. A global buffer overflow in fig2dev/read.c in function read_objects may lead to memory corruption and other potential consequences. Upstream bug: <a href="https://sourceforge.net/p/mcj/tickets/116/">https://sourceforge.net/p/mcj/tickets/116/</a> Upstream fix: <a href="https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/">https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fig2dev Project Fig2dev | =3.2.8-a | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1955675
- https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/
- https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
- https://sourceforge.net/p/mcj/tickets/116/
- https://access.redhat.com/security/cve/cve-2021-3561
Frequently Asked Questions
What is CVE-2021-3561?
CVE-2021-3561 is an Out of Bounds flaw found in fig2dev version 3.2.8a.
What is the impact of CVE-2021-3561?
The highest threat from CVE-2021-3561 is to integrity, as it can cause memory corruption or application crashes.
Which software versions are affected by CVE-2021-3561?
CVE-2021-3561 affects fig2dev version 3.2.8a, Fedora versions 33 and 34, and Debian Linux version 9.0.
How can CVE-2021-3561 be exploited?
CVE-2021-3561 can be exploited by providing a crafted malicious input to the application.
Where can I find more information about CVE-2021-3561?
You can find more information about CVE-2021-3561 in the following references: [Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi?id=1955675), [Debian LTS Announce](https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html), [Fedora Project](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3561
- vendor/fig2dev project
- canonical/fig2dev project fig2dev
- version/fig2dev project fig2dev/3.2.8-a
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0