| Summary: | media-gfx/transfig: Multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | ||
| Severity: | normal | CC: | mario.haustein, proxy-maint |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://sourceforge.net/p/mcj/tickets/52/ | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=718806 https://bugs.gentoo.org/show_bug.cgi?id=792333 |
||
| Whiteboard: | B2 [stable] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 917279, 916385 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2020-11-11 02:47:47 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. CVE-2020-21529: fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE-2020-21530: fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. CVE-2020-21531: fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE-2020-21532: fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE-2020-21533: fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. CVE-2020-21534: fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. CVE-2020-21535: fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. All fixed in 3.8.8. (In reply to John Helmert III from comment #6) > [snip] > > All fixed in 3.8.8. Whoops, meant 3.2.8. We have another with the same fixed version: CVE-2021-32280: An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. CVE-2021-37529 (https://sourceforge.net/p/mcj/tickets/125/): A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). CVE-2021-37530 (https://sourceforge.net/p/mcj/tickets/126/): A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. These issues have been fixed in media-gfx/fig2dev. Upstream renamed this package and it is no longer distributed as transfig. Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked stable this package can be masked for removal. (In reply to Hans de Graaff from comment #9) > Once media-gfx/fig2dev-3.2.9 and media-gfx/xfig-3.2.9 have been marked > stable this package can be masked for removal. Note that there are still a number of packages depending on media-gfx/transfig that need to be updated. |