The vulnerability of the `shade_or_tint_name_after_declare_color` function in the `genpstricks.c` component, a utility for converting .fig files with the .fig2dev extension, allows a malicious actor to cause a service failure.

🗓️ 05 Apr 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Buffer overflow in shade_or_tint_name_after_declare_color in genpstricks.c enables fig2dev conversion to crash service.

Reporter	Title	Published	Views	Family All 51
Amazon	Medium: transfig	22 Aug 202300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : transfig (ALAS-2023-1807)	23 Aug 202300:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1439-1)	3 Nov 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1481-1)	19 Nov 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : transfig (openSUSE-SU-2021:3584-1)	30 Oct 202100:00	–	nessus
Tenable Nessus	RHEL 6 : transfig (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : transfig (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14823-1)	7 Oct 202100:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3124-1)	17 Sep 202100:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:3584-1)	30 Oct 202100:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-21683
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-21683
sourceforge	www.sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/
sourceforge	www.sourceforge.net/p/mcj/tickets/77/
web	www.web.nvd.nist.gov/view/vuln/detail

05 Apr 2022 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 36.5

CVSS 27.1

EPSS0.00782

buffer overflow shade or tint function genpstricks.c fig2dev conversion service failure