9 matches found
CVE-2021-3561
CVE-2021-3561 refers to an Out of Bounds flaw in fig2dev (version 3.2.8a). The flaw arises from a flawed bounds check in read_objects(), which could allow a crafted input to crash the application or, in some cases, cause memory corruption, impacting integrity and availability. The connected docum...
CVE-2020-21683
CVE-2020-21683 is associated with fig2dev 3.2.7b and involves a global buffer overflow in the function shade_or_tint_name_after_declare_color (genpstricks.c) that can cause a denial of service when converting a Fig file to pstricks format. Public disclosures across multiple vendors/advisories (e....
CVE-2020-21680
CVE-2020-21680 is a vulnerability in fig2dev (Xfig) where a stack-based buffer overflow in the put_arrow() function in genpict2e.c of fig2dev 3.2.7b allows an attacker to cause a denial of service when converting a xfig file to pict2e format. Affected software is fig2dev 3.2.7b (and related 3.2.x...
CVE-2020-21682
CVE-2020-21682 affects fig2dev 3.2.7b (genge.c: set_fill) with a global buffer overflow that enables a denial-of-service when converting a crafted Fig file to ge format. Several vendors/advisories (Red Hat transfig, Amazon ALAS- family, openSUSE/OpenVAS) reference this CVE among a cluster of Fig2...
CVE-2020-21681
CVE-2020-21681 is a vulnerability in fig2dev (component set_color in genge.c) observed in version 3.2.7b where a global buffer overflow can cause a denial of service when converting a xfig file to ge format. Multiple advisories (openSUSE, Amazon Linux ALAS-2023-1807, Red Hat transfig references) ...
CVE-2020-21684
CVE-2020-21684 affects fig2dev 3.2.7b: a global buffer overflow in put_font (genpict2e.c) can cause a denial of service by converting a xfig file to pict2e format. Connected sources confirm the vulnerability in fig2dev 3.2.7b and describe the exact affected component and impact. No remediation de...
CVE-2020-21675
CVE-2020-21675 affects fig2dev 3.2.7b, caused by a stack-based buffer overflow in the genptk_text component (genptk.c), which can lead to denial of service when converting XFig to ptk. Affected product: fig2dev (Xfig suite). Root cause: stack overflow in genptk_text. Impact: DoS via crafted input...
CVE-2020-21676
CVE-2020-21676 is a stack-based buffer overflow in genpstrx_text() of fig2dev 3.2.7b, allowing denial of service when converting a xfig file to pstricks. Public advisories (Debian/Ubuntu) indicate fixes in later fig2dev releases (e.g., Debian 1:3.2.7a-5+deb10u5; Ubuntu USN-5864-1). Remediation: u...
CVE-2020-21678
CVE-2020-21678 is a global buffer overflow in fig2dev 3.2.7b’s genmp_writefontmacro_latex (genmp.c) that can cause a denial of service when converting a xfig file to mp format. The connected documents (NVD/NIST, CNVD, ENISA EUVD, Red Hat/ALAS/Nessus etc.) consistently describe this vulnerability ...