Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5864-1.NASL
HistoryFeb 13, 2023 - 12:00 a.m.

Ubuntu 18.04 LTS / 20.04 LTS : Fig2dev vulnerabilities (USN-5864-1)

2023-02-1300:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5864-1 advisory.

  • Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
    (CVE-2019-14275)

  • read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)

  • read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)

  • fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
    (CVE-2020-21529)

  • fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. (CVE-2020-21530)

  • fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
    (CVE-2020-21531)

  • fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. (CVE-2020-21532)

  • fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
    (CVE-2020-21533)

  • fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. (CVE-2020-21534)

  • fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. (CVE-2020-21535)

  • A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. (CVE-2020-21675)

  • A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
    (CVE-2020-21676)

  • An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)

  • An issue was discovered in fig2dev before 3.2.8… A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. (CVE-2021-32280)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5864-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(171392);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/16");

  script_cve_id(
    "CVE-2019-14275",
    "CVE-2019-19555",
    "CVE-2019-19797",
    "CVE-2020-21529",
    "CVE-2020-21530",
    "CVE-2020-21531",
    "CVE-2020-21532",
    "CVE-2020-21533",
    "CVE-2020-21534",
    "CVE-2020-21535",
    "CVE-2020-21675",
    "CVE-2020-21676",
    "CVE-2021-3561",
    "CVE-2021-32280"
  );
  script_xref(name:"USN", value:"5864-1");

  script_name(english:"Ubuntu 18.04 LTS / 20.04 LTS : Fig2dev vulnerabilities (USN-5864-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-5864-1 advisory.

  - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
    (CVE-2019-14275)

  - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect
    sscanf. (CVE-2019-19555)

  - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)

  - fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
    (CVE-2020-21529)

  - fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. (CVE-2020-21530)

  - fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
    (CVE-2020-21531)

  - fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. (CVE-2020-21532)

  - fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
    (CVE-2020-21533)

  - fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. (CVE-2020-21534)

  - fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. (CVE-2020-21535)

  - A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers
    to cause a denial of service (DOS) via converting a xfig file into ptk format. (CVE-2020-21675)

  - A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows
    attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
    (CVE-2020-21676)

  - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could
    allow an attacker to provide a crafted malicious input causing the application to either crash or in some
    cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as
    system availability. (CVE-2021-3561)

  - An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function
    compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The
    fixed version of fig2dev is 3.2.8. (CVE-2021-32280)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5864-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected fig2dev and / or transfig packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3561");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fig2dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:transfig");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '18.04', 'pkgname': 'fig2dev', 'pkgver': '1:3.2.6a-6ubuntu1.1'},
    {'osver': '18.04', 'pkgname': 'transfig', 'pkgver': '1:3.2.6a-6ubuntu1.1'},
    {'osver': '20.04', 'pkgname': 'fig2dev', 'pkgver': '1:3.2.7a-7ubuntu0.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fig2dev / transfig');
}
VendorProductVersionCPE
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxfig2devp-cpe:/a:canonical:ubuntu_linux:fig2dev
canonicalubuntu_linuxtransfigp-cpe:/a:canonical:ubuntu_linux:transfig

Related

openvas 23
osv 4
ubuntu 1
debian 3
nessus 25
suse 10
mageia 2
veracode 8
redhatcve 14
prion 14
debiancve 14
cve 14
ubuntucve 14
cnvd 11
amazon 4
fedora 6
openvas
openvas
Ubuntu: Security Advisory (USN-5864-1)
2023-02-14 00:00:00
Debian: Security Advisory (DLA-2778-1)
2021-10-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3585-1)
2021-11-02 00:00:00
osv
osv
fig2dev vulnerabilities
2023-02-13 13:59:56
fig2dev - security update
2021-10-04 00:00:00
fig2dev - security update
2023-01-31 00:00:00
ubuntu
ubuntu
Fig2dev vulnerabilities
2023-02-13 00:00:00
debian
debian
[SECURITY] [DLA 2778-1] fig2dev security update
2021-10-04 09:00:15
[SECURITY] [DLA 3304-1] fig2dev security update
2023-01-31 20:44:31
[SECURITY] [DLA 2073-1] transfig security update
2020-01-21 21:42:12
nessus
nessus
Debian DLA-2778-1 : fig2dev - LTS security update
2021-10-10 00:00:00
SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14836-1)
2021-11-03 00:00:00
SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3585-1)
2021-10-30 00:00:00
suse
suse
Security update for transfig (important)
2021-11-18 00:00:00
Security update for transfig (important)
2021-11-02 00:00:00
Security update for transfig (important)
2021-10-29 00:00:00
mageia
mageia
Updated transfig packages fix security vulnerability
2020-03-06 19:13:58
Updated transfig package fixes a security vulnerability
2021-07-27 23:21:53
veracode
veracode
Denial Of Service (DoS)
2023-03-06 17:45:39
Denial Of Service (DoS)
2021-10-05 22:17:32
Denial Of Service (DoS)
2023-03-06 17:29:33
redhatcve
redhatcve
CVE-2019-19555
2020-02-07 15:44:32
CVE-2019-14275
2020-02-07 15:44:31
CVE-2021-32280
2021-09-21 19:10:46
prion
prion
Stack overflow
2019-12-04 17:16:00
Stack overflow
2019-07-26 04:15:00
Out-of-bounds
2019-12-15 20:15:00
debiancve
debiancve
CVE-2020-21533
2021-09-16 21:15:00
CVE-2019-19797
2019-12-15 20:15:00
CVE-2021-32280
2021-09-20 16:15:00
cve
cve
CVE-2019-19555
2019-12-04 17:16:00
CVE-2020-21533
2021-09-16 21:15:00
CVE-2021-32280
2021-09-20 16:15:00
ubuntucve
ubuntucve
CVE-2020-21533
2021-09-16 00:00:00
CVE-2019-19797
2019-12-15 00:00:00
CVE-2019-19555
2019-12-04 00:00:00
cnvd
cnvd
fig2dev stack buffer overflow vulnerability
2021-09-17 00:00:00
fig2dev buffer overflow vulnerability (CNVD-2021-79776)
2019-12-06 00:00:00
fig2dev stack buffer overflow vulnerability (CNVD-2021-68461)
2021-08-11 00:00:00
amazon
amazon
Medium: transfig
2021-07-01 01:08:00
Medium: transfig
2023-07-20 17:30:00
Medium: transfig
2020-02-24 22:12:00
fedora
fedora
[SECURITY] Fedora 34 Update: transfig-3.2.8a-2.fc34
2021-06-07 01:16:34
[SECURITY] Fedora 33 Update: transfig-3.2.8a-2.fc33
2021-06-07 00:51:39
[SECURITY] Fedora 31 Update: xfig-3.2.7b-1.fc31
2020-01-25 06:36:43
JSON
Related for UBUNTU_USN-5864-1.NASL
openvas23osv4ubuntu1debian3nessus25suse10mageia2veracode8redhatcve14prion14debiancve14cve14ubuntucve14cnvd11amazon4fedora6