Lucene search
+L
Fig2dev ProjectFig2dev

14 matches found

CVE
CVE
added 2019/12/12 2:22 a.m.238 views

CVE-2019-19746

CVE-2019-19746 affects Xfig’s fig2dev (notably the make_arrow path in arrow.c for version 3.2.7b). The vulnerability is described as a segmentation fault and an out-of-bounds write caused by an integer overflow when processing a large arrow type. Public advisories (SUSE/openSUSE) cite vulnerable ...

5.5CVSS5.6AI score0.01191EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.117 views

CVE-2020-21683

CVE-2020-21683 is associated with fig2dev 3.2.7b and involves a global buffer overflow in the function shade_or_tint_name_after_declare_color (genpstricks.c) that can cause a denial of service when converting a Fig file to pstricks format. Public disclosures across multiple vendors/advisories (e....

5.5CVSS5.6AI score0.00782EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.109 views

CVE-2020-21680

CVE-2020-21680 is a vulnerability in fig2dev (Xfig) where a stack-based buffer overflow in the put_arrow() function in genpict2e.c of fig2dev 3.2.7b allows an attacker to cause a denial of service when converting a xfig file to pict2e format. Affected software is fig2dev 3.2.7b (and related 3.2.x...

5.5CVSS5.6AI score0.00683EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.105 views

CVE-2020-21682

CVE-2020-21682 affects fig2dev 3.2.7b (genge.c: set_fill) with a global buffer overflow that enables a denial-of-service when converting a crafted Fig file to ge format. Several vendors/advisories (Red Hat transfig, Amazon ALAS- family, openSUSE/OpenVAS) reference this CVE among a cluster of Fig2...

5.5CVSS5.6AI score0.00853EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.103 views

CVE-2020-21681

CVE-2020-21681 is a vulnerability in fig2dev (component set_color in genge.c) observed in version 3.2.7b where a global buffer overflow can cause a denial of service when converting a xfig file to ge format. Multiple advisories (openSUSE, Amazon Linux ALAS-2023-1807, Red Hat transfig references) ...

5.5CVSS5.6AI score0.00826EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.95 views

CVE-2020-21684

CVE-2020-21684 affects fig2dev 3.2.7b: a global buffer overflow in put_font (genpict2e.c) can cause a denial of service by converting a xfig file to pict2e format. Connected sources confirm the vulnerability in fig2dev 3.2.7b and describe the exact affected component and impact. No remediation de...

5.5CVSS5.5AI score0.00799EPSS
CVE
CVE
added 2025/04/23 8:55 p.m.95 views

CVE-2025-46398

CVE-2025-46398 affects fig2dev (part of xfig/Transfig). The vulnerability is a stack overflow in read_objects() that allows memory corruption via local input manipulation, exploitable by a locally authenticated user under conditions described in several advisories. Public disclosures in Debian LT...

5.5CVSS4.7AI score0.00234EPSS
CVE
CVE
added 2025/04/23 8:55 p.m.95 views

CVE-2025-46400

CVE-2025-46400 affects fig2dev (part of the transfig/xfig toolchain). A segmentation fault in read_arcobject can cause denial of service by local input manipulation, impacting availability. Documents consistently describe a segmentation fault via read_arcobject as the root cause, with multiple ad...

5.5CVSS4.4AI score0.00211EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.88 views

CVE-2020-21675

CVE-2020-21675 affects fig2dev 3.2.7b, caused by a stack-based buffer overflow in the genptk_text component (genptk.c), which can lead to denial of service when converting XFig to ptk. Affected product: fig2dev (Xfig suite). Root cause: stack overflow in genptk_text. Impact: DoS via crafted input...

5.5CVSS5.9AI score0.01059EPSS
CVE
CVE
added 2025/04/23 8:55 p.m.87 views

CVE-2025-46399

CVE-2025-46399 affects fig2dev (part of transfig) with a segmentation fault in genge_itp_spline, enabling local input-based disruption and potential denial of service. Related advisories confirm multiple vendors acknowledge the issue; Debian LTS reports a fix in fig2dev 1:3.2.8-3+deb11u3. Other e...

5.5CVSS4.6AI score0.00211EPSS
CVE
CVE
added 2021/08/10 12:0 a.m.86 views

CVE-2020-21676

CVE-2020-21676 is a stack-based buffer overflow in genpstrx_text() of fig2dev 3.2.7b, allowing denial of service when converting a xfig file to pstricks. Public advisories (Debian/Ubuntu) indicate fixes in later fig2dev releases (e.g., Debian 1:3.2.7a-5+deb10u5; Ubuntu USN-5864-1). Remediation: u...

5.5CVSS5.6AI score0.0107EPSS
CVE
CVE
added 2022/01/12 8:12 p.m.80 views

CVE-2021-37529

CVE-2021-37529 affects fig2dev up to version 3.28a. The vulnerability is a double-free in the free_stream function of readpics.c (due to freeing memory for long file names), which can lead to denial of service. Various sources (Red Hat, SUSE, OSV entries, and vendor advisories) report this issue ...

5.5CVSS5.4AI score0.00748EPSS
CVE
CVE
added 2022/01/12 8:18 p.m.74 views

CVE-2021-37530

CVE-2021-37530 affects fig2dev (up to 3.28a) with a denial-of-service due to a segfault in readpics.c open_stream. Multiple connected sources consistently describe a segfault in open_stream that can crash fig2dev when processing crafted input, causing a DoS. The core vulnerable component is the o...

5.5CVSS5.3AI score0.00748EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.66 views

CVE-2020-21678

CVE-2020-21678 is a global buffer overflow in fig2dev 3.2.7b’s genmp_writefontmacro_latex (genmp.c) that can cause a denial of service when converting a xfig file to mp format. The connected documents (NVD/NIST, CNVD, ENISA EUVD, Red Hat/ALAS/Nessus etc.) consistently describe this vulnerability ...

5.5CVSS5.5AI score0.00757EPSS