SB2021091640 - Multiple vulnerabilities in fig2dev
Published: September 16, 2021 Updated: June 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-21530)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the read_objects() function in read.c. A remote attacker can pass a specially crafted file to the application and crash it.
2) Buffer overflow (CVE-ID: CVE-2020-21535)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the gencgm_start() function in gencgm.c. A remote attacker can pass a specially crafted file to the application and crash it.
3) Buffer overflow (CVE-ID: CVE-2020-21534)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the get_line() function in read.c. A remote attacker can pass a specially crafted file to the application and crash it.
4) Stack-based buffer overflow (CVE-ID: CVE-2020-21533)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the read_textobject() function in read.c. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2020-21532)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the setfigfont() function in genepic.c. A remote attacker can pass a specially crafted file to the application and crash it.
6) Buffer overflow (CVE-ID: CVE-2020-21531)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the conv_pattern_index() function in gencgm.c. A remote attacker can pass a specially crafted file to the application and crash it.
7) Stack-based buffer overflow (CVE-ID: CVE-2020-21529)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the bezier_spline() function in genepic.c. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
8) Stack-based buffer overflow (CVE-ID: CVE-2020-21675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the genptk_text component in genptk.c when converting a xfig file into ptk format. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
9) Stack-based buffer overflow (CVE-ID: CVE-2020-21676)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the genpstrx_text() component in genpstricks.c when converting a xfig file into pstricks format. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2020-21681)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the set_color component in genge.c when converting a xfig file into ge format. A remote attacker can pass a specially crafted file to the application and crash it.
11) Buffer overflow (CVE-ID: CVE-2020-21684)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the put_font in genpict2e.c when converting a xfig file into pict2e format. A remote attacker can pass a specially crafted file to the application and crash it.
12) Buffer overflow (CVE-ID: CVE-2020-21682)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the set_fill component in genge.c when converting a xfig file into ge format. A remote attacker can pass a specially crafted file to the application and crash it.
13) Buffer overflow (CVE-ID: CVE-2020-21683)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the shade_or_tint_name_after_declare_color() function in fig2dev/dev/genpstricks.c when converting a xfig file into pstricks format. A remote attacker can pass a specially crafted file to the application and crash it.
14) Stack-based buffer overflow (CVE-ID: CVE-2020-21680)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when converting a xfig file into pict2e format. A remote attacker can trigger a stack-based buffer overflow and crash the application.
15) NULL pointer dereference (CVE-ID: CVE-2021-32280)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compute_closed_spline() function in trans_spline.c. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
16) Buffer overflow (CVE-ID: CVE-2020-21678)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to improper input validation when converting a xfig file into mp format.A remote attacker can trick the victim to open a specially crafted file and crash the application.
Remediation
Install update from vendor's website.
References
- https://sourceforge.net/p/mcj/tickets/61/
- https://sourceforge.net/p/mcj/tickets/62/
- https://sourceforge.net/p/mcj/tickets/58/
- https://sourceforge.net/p/mcj/tickets/59/
- https://sourceforge.net/p/mcj/tickets/64/
- https://sourceforge.net/p/mcj/tickets/63/
- https://sourceforge.net/p/mcj/tickets/65/
- https://sourceforge.net/p/mcj/tickets/78/
- https://sourceforge.net/p/mcj/tickets/76/
- https://sourceforge.net/p/mcj/tickets/73/
- https://sourceforge.net/p/mcj/tickets/75/
- https://sourceforge.net/p/mcj/tickets/72/
- https://sourceforge.net/u/hamarituc/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/
- https://sourceforge.net/p/mcj/tickets/77/
- https://sourceforge.net/u/hamarituc/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/
- https://sourceforge.net/p/mcj/tickets/74/
- https://sourceforge.net/u/hamarituc/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/
- https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
- https://sourceforge.net/p/mcj/tickets/107/
- https://sourceforge.net/p/mcj/tickets/71/