Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2778.NASL
HistoryOct 10, 2021 - 12:00 a.m.

Debian DLA-2778-1 : fig2dev - LTS security update

2021-10-1000:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

6.5 Medium

AI Score

Confidence

High

JSON

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2778 advisory.

  • read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)

  • fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
    (CVE-2020-21529)

  • fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. (CVE-2020-21530)

  • fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
    (CVE-2020-21531)

  • fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. (CVE-2020-21532)

  • fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
    (CVE-2020-21533)

  • fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. (CVE-2020-21534)

  • fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. (CVE-2020-21535)

  • A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. (CVE-2020-21675)

  • A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
    (CVE-2020-21676)

  • An issue was discovered in fig2dev before 3.2.8… A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. (CVE-2021-32280)

  • An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-2778. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153965);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/28");

  script_cve_id(
    "CVE-2019-19797",
    "CVE-2020-21529",
    "CVE-2020-21530",
    "CVE-2020-21531",
    "CVE-2020-21532",
    "CVE-2020-21533",
    "CVE-2020-21534",
    "CVE-2020-21535",
    "CVE-2020-21675",
    "CVE-2020-21676",
    "CVE-2021-3561",
    "CVE-2021-32280"
  );

  script_name(english:"Debian DLA-2778-1 : fig2dev - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-2778 advisory.

  - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)

  - fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
    (CVE-2020-21529)

  - fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. (CVE-2020-21530)

  - fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
    (CVE-2020-21531)

  - fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. (CVE-2020-21532)

  - fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
    (CVE-2020-21533)

  - fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. (CVE-2020-21534)

  - fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. (CVE-2020-21535)

  - A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers
    to cause a denial of service (DOS) via converting a xfig file into ptk format. (CVE-2020-21675)

  - A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows
    attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
    (CVE-2020-21676)

  - An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function
    compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The
    fixed version of fig2dev is 3.2.8. (CVE-2021-32280)

  - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could
    allow an attacker to provide a crafted malicious input causing the application to either crash or in some
    cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as
    system availability. (CVE-2021-3561)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/fig2dev");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2021/dla-2778");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-19797");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21529");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21530");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21531");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21532");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21533");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21534");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21535");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21675");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-21676");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-32280");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3561");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/fig2dev");
  script_set_attribute(attribute:"solution", value:
"Upgrade the fig2dev packages.

For Debian 9 stretch, these problems have been fixed in version 1");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3561");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fig2dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:transfig");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('audit.inc');
include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(9)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '9.0', 'prefix': 'fig2dev', 'reference': '1:3.2.6a-2+deb9u4'},
    {'release': '9.0', 'prefix': 'transfig', 'reference': '1:3.2.6a-2+deb9u4'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fig2dev / transfig');
}
VendorProductVersionCPE
debiandebian_linuxfig2devp-cpe:/a:debian:debian_linux:fig2dev
debiandebian_linuxtransfigp-cpe:/a:debian:debian_linux:transfig
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

References

Related

osv 3
debian 2
openvas 19
nessus 21
ubuntu 1
suse 8
debiancve 12
cnvd 10
prion 12
cve 12
ubuntucve 12
redhatcve 12
veracode 6
fedora 6
amazon 4
mageia 2
osv
osv
fig2dev - security update
2021-10-04 00:00:00
fig2dev vulnerabilities
2023-02-13 13:59:56
fig2dev - security update
2023-01-31 00:00:00
debian
debian
[SECURITY] [DLA 2778-1] fig2dev security update
2021-10-04 09:00:15
[SECURITY] [DLA 3304-1] fig2dev security update
2023-01-31 20:44:31
openvas
openvas
Debian: Security Advisory (DLA-2778-1)
2021-10-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3585-1)
2021-11-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:14836-1)
2021-11-02 00:00:00
nessus
nessus
SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14836-1)
2021-11-03 00:00:00
SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3585-1)
2021-10-30 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Fig2dev vulnerabilities (USN-5864-1)
2023-02-13 00:00:00
ubuntu
ubuntu
Fig2dev vulnerabilities
2023-02-13 00:00:00
suse
suse
Security update for transfig (important)
2021-11-02 00:00:00
Security update for transfig (important)
2021-10-29 00:00:00
Security update for transfig (important)
2021-11-18 00:00:00
debiancve
debiancve
CVE-2020-21533
2021-09-16 21:15:00
CVE-2020-21675
2021-08-10 21:15:00
CVE-2021-32280
2021-09-20 16:15:00
cnvd
cnvd
fig2dev stack buffer overflow vulnerability
2021-09-17 00:00:00
fig2dev stack buffer overflow vulnerability (CNVD-2021-68461)
2021-08-11 00:00:00
fig2dev stack buffer overflow vulnerability (CNVD-2021-78419)
2021-09-17 00:00:00
prion
prion
Stack overflow
2021-09-16 21:15:00
Out-of-bounds
2019-12-15 20:15:00
Stack overflow
2021-08-10 21:15:00
cve
cve
CVE-2020-21533
2021-09-16 21:15:00
CVE-2019-19797
2019-12-15 20:15:00
CVE-2020-21676
2021-08-10 21:15:00
ubuntucve
ubuntucve
CVE-2020-21533
2021-09-16 00:00:00
CVE-2020-21676
2021-08-10 00:00:00
CVE-2019-19797
2019-12-15 00:00:00
redhatcve
redhatcve
CVE-2021-32280
2021-09-21 19:10:46
CVE-2020-21533
2021-09-17 18:35:08
CVE-2019-19797
2019-12-27 14:38:49
veracode
veracode
Denial Of Service (DoS)
2021-10-05 22:19:33
Denial Of Service (DoS)
2021-10-05 22:17:32
Denial Of Service (DoS)
2021-08-15 08:40:08
fedora
fedora
[SECURITY] Fedora 33 Update: transfig-3.2.8a-2.fc33
2021-06-07 00:51:39
[SECURITY] Fedora 34 Update: transfig-3.2.8a-2.fc34
2021-06-07 01:16:34
[SECURITY] Fedora 31 Update: xfig-3.2.7b-1.fc31
2020-01-25 06:36:43
amazon
amazon
Medium: transfig
2021-07-01 01:08:00
Medium: transfig
2023-07-20 17:30:00
Medium: transfig
2020-02-24 22:12:00
mageia
mageia
Updated transfig package fixes a security vulnerability
2021-07-27 23:21:53
Updated transfig packages fix security vulnerability
2020-03-06 19:13:58

6.5 Medium

AI Score

Confidence

High

JSON
Related for DEBIAN_DLA-2778.NASL
osv3debian2openvas19nessus21ubuntu1suse8debiancve12cnvd10prion12cve12ubuntucve12redhatcve12veracode6fedora6amazon4mageia2