13 matches found
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Fig2dev vulnerabilities (USN-7587-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7587-1 advisory. Suhwan Song discovered that Fig2dev did not correctly handle certain memory operations. If a user or automate...
USN-7587-1: Fig2dev vulnerabilities
Suhwan Song discovered that Fig2dev did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu...
RHEL 7 : transfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...
RHEL 6 : transfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...
Amazon Linux AMI : transfig (ALAS-2023-1807)
The version of transfig installed on the remote host is prior to 3.2.7b-10.8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1807 advisory. 2024-06-07: CVE-2019-19797 was added to this advisory. An out-of-bounds write flaw was found in transfig in the way th...
Medium: transfig
Issue Overview: An out-of-bounds write flaw was found in transfig in the way the fig2dev program handled the processing of Fig format files. Specifically, the flaw affects the translation process of Fig codes into the box graphics language. This flaw allows for potential exploitation by crashing...
SUSE CVE-2020-21683
A global buffer overflow in the shadeortintnameafterdeclarecolor in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...
SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:3584-1)
The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3584-1 advisory. Update to fig2dev version 3.2.8 Patchlevel 8b Aug 2021 - bsc1190618, CVE-2020-21529: stack buffer overflow in the bezierspline functio...
openSUSE 15 Security Update : transfig (openSUSE-SU-2021:3584-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3584-1 advisory. - fig2dev 3.2.7b contains a stack buffer overflow in the bezierspline function in genepic.c. CVE-2020-21529 - fig2dev 3.2.7b contains a...
SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14823-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14823-1 advisory. - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function readcolordef bsc1186329. - CVE-2019-19797: Fixed out-of-bounds wri...
SUSE: Security Advisory (SUSE-SU-2021:14823-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-21683
CVE-2020-21683 is associated with fig2dev 3.2.7b and involves a global buffer overflow in the function shade_or_tint_name_after_declare_color (genpstricks.c) that can cause a denial of service when converting a Fig file to pstricks format. Public disclosures across multiple vendors/advisories (e....
CVE-2020-21683
A global buffer overflow in the shadeortintnameafterdeclarecolor in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...