Appears this is vulnerable to several of the same vulnerabilities as xfig was in bug 718806 (details on these vulnerabilities there). I couldn't reproduce CVE-2018-11439, so not sure if this is vulnerable to it too.
Package list is empty or all packages have requested keywords.
CVE-2020-21529: fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE-2020-21530: fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. CVE-2020-21531: fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE-2020-21532: fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE-2020-21533: fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. CVE-2020-21534: fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. CVE-2020-21535: fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. All fixed in 3.8.8.
(In reply to John Helmert III from comment #6) > [snip] > > All fixed in 3.8.8. Whoops, meant 3.2.8. We have another with the same fixed version: CVE-2021-32280: An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.
CVE-2021-37529 (https://sourceforge.net/p/mcj/tickets/125/): A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). CVE-2021-37530 (https://sourceforge.net/p/mcj/tickets/126/): A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
These issues have been fixed in media-gfx/fig2dev. Upstream renamed this package and it is no longer distributed as transfig. Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked stable this package can be masked for removal.
(In reply to Hans de Graaff from comment #9) > Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked > stable this package can be masked for removal. Note that there are still a number of packages depending on media-gfx/transfig that need to be updated.
