Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 753962 (CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2021-32280, CVE-2021-37529, CVE-2021-37530) - media-gfx/transfig: Multiple vulnerabilities
Summary: media-gfx/transfig: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2021-32280, CVE-2021-37529, CVE-2021-37530
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceforge.net/p/mcj/tickets...
Whiteboard: B2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-11 02:47 UTC by John Helmert III
Modified: 2022-01-17 21:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2020-11-11 02:47:47 UTC
Appears this is vulnerable to several of the same vulnerabilities as xfig was in bug 718806 (details on these vulnerabilities there). I couldn't reproduce CVE-2018-11439, so not sure if this is vulnerable to it too.
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:25:28 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:34:01 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:41:53 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:50:03 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 18:05:57 UTC
Package list is empty or all packages have requested keywords.
Comment 6 John Helmert III gentoo-dev Security 2021-09-18 01:18:51 UTC
CVE-2020-21529:

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

CVE-2020-21530:

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

CVE-2020-21531:

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

CVE-2020-21532:

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

CVE-2020-21533:

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

CVE-2020-21534:

fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.

CVE-2020-21535:

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.


All fixed in 3.8.8.
Comment 7 John Helmert III gentoo-dev Security 2021-09-28 20:34:26 UTC
(In reply to John Helmert III from comment #6)
> [snip] 
> 
> All fixed in 3.8.8.

Whoops, meant 3.2.8. We have another with the same fixed version:

CVE-2021-32280:

An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.
Comment 8 John Helmert III gentoo-dev Security 2022-01-17 21:15:58 UTC
CVE-2021-37529 (https://sourceforge.net/p/mcj/tickets/125/):

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

CVE-2021-37530 (https://sourceforge.net/p/mcj/tickets/126/):

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.