Bug 753962 (CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2021-32280, CVE-2021-37529, CVE-2021-37530)

Summary: media-gfx/transfig: Multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS
Severity: normal
CC: mario.haustein, proxy-maint
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://sourceforge.net/p/mcj/tickets/52/
See Also: https://bugs.gentoo.org/show_bug.cgi?id=718806
          https://bugs.gentoo.org/show_bug.cgi?id=792333
Whiteboard: B2 [stable]
Package list:
Runtime testing required: ---
Bug Depends on: 917279, 916385
Bug Blocks:

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-11-11 02:47:47 UTC
Appears this is vulnerable to several of the same vulnerabilities as xfig was in bug 718806 (details on these vulnerabilities there). I couldn't reproduce CVE-2018-11439, so not sure if this is vulnerable to it too.
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:25:28 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:34:01 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:41:53 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:50:03 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 18:05:57 UTC
Package list is empty or all packages have requested keywords.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 01:18:51 UTC
CVE-2020-21529:

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

CVE-2020-21530:

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

CVE-2020-21531:

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

CVE-2020-21532:

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

CVE-2020-21533:

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

CVE-2020-21534:

fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.

CVE-2020-21535:

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.


All fixed in 3.8.8.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-28 20:34:26 UTC
(In reply to John Helmert III from comment #6)
> [snip] 
> 
> All fixed in 3.8.8.

Whoops, meant 3.2.8. We have another with the same fixed version:

CVE-2021-32280:

An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-17 21:15:58 UTC
CVE-2021-37529 (https://sourceforge.net/p/mcj/tickets/125/):

A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

CVE-2021-37530 (https://sourceforge.net/p/mcj/tickets/126/):

A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
Comment 9 Hans de Graaff gentoo-dev Security 2023-10-15 08:48:09 UTC
These issues have been fixed in media-gfx/fig2dev. Upstream renamed this package and it is no longer distributed as transfig.

Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked stable this package can be masked for removal.
Comment 10 Hans de Graaff gentoo-dev Security 2023-10-15 08:49:33 UTC
(In reply to Hans de Graaff from comment #9)

> Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked
> stable this package can be masked for removal.

Note that there are still a number of packages depending on media-gfx/transfig that need to be updated.