10 matches found
CVE-2019-14275
CVE-2019-14275 affects Xfig’s fig2dev, specifically a stack-based buffer overflow in the calc_arrow function of bound.c (v3.2.7a). This leads to potential denial-of-service conditions as noted in multiple advisories. The issue is addressed in newer fig2dev releases (fixed in 3.2.8; OpenVAS/Ubuntu...
CVE-2019-19797
CVE-2019-19797 is evidenced in connected records as an out-of-bounds write in read_colordef of Xfig fig2dev 3.2.7b. Multiple advisories (ALAS-2023-1807, SUSE SU-2021:14823-1, Ubuntu USN-5864-1, Debian DLA-2778) map this issue to transfig/fig2dev and cite additional related CVEs. The impact is des...
CVE-2020-21529
CVE-2020-21529 affects fig2dev 3.2.7b, with a stack buffer overflow in bezier_spline() (genepic.c). Affected products across distros include Debian (3.2.7a-5+), Ubuntu advisories referencing fig2dev (multiple CVEs including 2020-21529), and SUSE/openSUSE, which list CVE-2020-21529 among 12 issues...
CVE-2021-32280
CVE-2021-32280 affects fig2dev prior to version 3.2.8. A NULL pointer dereference in compute_closed_spline() (trans_spline.c) can lead to Denial of Service. Affected advisories and notices (Astra Linux, Red Hat, Amazon Linux variants) confirm the issue and list 3.2.8 as the fixed version. Remedia...
CVE-2020-21531
CVE-2020-21531 affects fig2dev, specifically a global buffer overflow in conv_pattern_index() of gencgm.c in version 3.2.7b. Connected advisories confirm multiple OS vendors (Debian, Ubuntu, openSUSE/SUSE, Red Hat via Nessus notes) referencing fig2dev vulnerabilities and provide fixes in newer re...
CVE-2020-21535
CVE-2020-21535 affects fig2dev 3.2.7b (Xfig/Transfig) with a segmentation fault in gencgm_start (gencgm.c). OpenSUSE/SUSE advisories indicate this is fixed in fig2dev 3.2.8 Patchlevel 8b; update to that version to remediate. Other linked sources list the vulnerability among multiple CVEs in the s...
CVE-2020-21532
CVE-2020-21532 affects fig2dev; the issue is a global buffer overflow in the setfigfont() function of genepic.c (vulnerable in fig2dev 3.2.7b). Debian fixed this in 1:3.2.7a-5+deb10u5, SUSE/openSUSE fixed in 3.2.8 patchlevel 8b, and OpenUK/Ubuntu advisories reference this CVE among multiple fixes...
CVE-2020-21534
Summary (CVE-2020-21534) fig2dev 3.2.7b contains a global buffer overflow in the get_line function (read.c). The vulnerability is discussed in multiple advisories across Linux distros (Ubuntu, Debian, openSUSE/openSUSE-SU-2021:1481-1, SUSE/openSUSE patches). Affected component is the fig2dev util...
CVE-2020-21533
CVE-2020-21533 affects fig2dev 3.2.7b, with a stack buffer overflow in read_textobject() in read.c. Exploitation could impact availability. Several open-source advisories note affected packages and cite updates to fig2dev 3.2.8 (patch level 8) across distros (e.g., openSUSE/SUSE/Ubuntu/NESSUS ref...
CVE-2020-21530
CVE-2020-21530 affects fig2dev 3.2.7b, where a segmentation fault occurs in read.c::read_objects. The vulnerability is shown across multiple Linux distributions (Red Hat, Ubuntu, openSUSE/SUSE) as an unpatched issue; remediation is to upgrade to fig2dev 3.2.8 (Patchlevel 8b) or apply the vendor p...