Lucene search
K
Fig2dev ProjectFig2dev

9 matches found

CVE
CVE
added 2021/05/26 9:27 p.m.193 views

CVE-2021-3561

CVE-2021-3561 refers to an Out of Bounds flaw in fig2dev (version 3.2.8a). The flaw arises from a flawed bounds check in read_objects(), which could allow a crafted input to crash the application or, in some cases, cause memory corruption, impacting integrity and availability. The connected docum...

7.1CVSS6.5AI score0.01178EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.117 views

CVE-2020-21683

CVE-2020-21683 is associated with fig2dev 3.2.7b and involves a global buffer overflow in the function shade_or_tint_name_after_declare_color (genpstricks.c) that can cause a denial of service when converting a Fig file to pstricks format. Public disclosures across multiple vendors/advisories (e....

5.5CVSS5.6AI score0.00782EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.108 views

CVE-2020-21680

CVE-2020-21680 is a vulnerability in fig2dev (Xfig) where a stack-based buffer overflow in the put_arrow() function in genpict2e.c of fig2dev 3.2.7b allows an attacker to cause a denial of service when converting a xfig file to pict2e format. Affected software is fig2dev 3.2.7b (and related 3.2.x...

5.5CVSS5.6AI score0.00683EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.105 views

CVE-2020-21682

CVE-2020-21682 affects fig2dev 3.2.7b (genge.c: set_fill) with a global buffer overflow that enables a denial-of-service when converting a crafted Fig file to ge format. Several vendors/advisories (Red Hat transfig, Amazon ALAS- family, openSUSE/OpenVAS) reference this CVE among a cluster of Fig2...

5.5CVSS5.6AI score0.00853EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.103 views

CVE-2020-21681

CVE-2020-21681 is a vulnerability in fig2dev (component set_color in genge.c) observed in version 3.2.7b where a global buffer overflow can cause a denial of service when converting a xfig file to ge format. Multiple advisories (openSUSE, Amazon Linux ALAS-2023-1807, Red Hat transfig references) ...

5.5CVSS5.6AI score0.00826EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.91 views

CVE-2020-21684

CVE-2020-21684 affects fig2dev 3.2.7b: a global buffer overflow in put_font (genpict2e.c) can cause a denial of service by converting a xfig file to pict2e format. Connected sources confirm the vulnerability in fig2dev 3.2.7b and describe the exact affected component and impact. No remediation de...

5.5CVSS5.5AI score0.00799EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.87 views

CVE-2020-21675

CVE-2020-21675 affects fig2dev 3.2.7b, caused by a stack-based buffer overflow in the genptk_text component (genptk.c), which can lead to denial of service when converting XFig to ptk. Affected product: fig2dev (Xfig suite). Root cause: stack overflow in genptk_text. Impact: DoS via crafted input...

5.5CVSS5.9AI score0.01059EPSS
CVE
CVE
added 2021/08/10 12:0 a.m.86 views

CVE-2020-21676

CVE-2020-21676 is a stack-based buffer overflow in genpstrx_text() of fig2dev 3.2.7b, allowing denial of service when converting a xfig file to pstricks. Public advisories (Debian/Ubuntu) indicate fixes in later fig2dev releases (e.g., Debian 1:3.2.7a-5+deb10u5; Ubuntu USN-5864-1). Remediation: u...

5.5CVSS5.6AI score0.0107EPSS
CVE
CVE
added 2021/08/10 8:19 p.m.66 views

CVE-2020-21678

CVE-2020-21678 is a global buffer overflow in fig2dev 3.2.7b’s genmp_writefontmacro_latex (genmp.c) that can cause a denial of service when converting a xfig file to mp format. The connected documents (NVD/NIST, CNVD, ENISA EUVD, Red Hat/ALAS/Nessus etc.) consistently describe this vulnerability ...

5.5CVSS5.5AI score0.00757EPSS