CVE-2020-21675 (https://sourceforge.net/p/mcj/tickets/78/): A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into ptk format.
CVE-2020-21676 (https://sourceforge.net/p/mcj/tickets/76/): A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pstricks format.
CVE-2020-21678 (https://sourceforge.net/p/mcj/tickets/71/): A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into mp format.
CVE-2020-21680 (https://sourceforge.net/p/mcj/tickets/74/): A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pict2e format.
CVE-2020-21681 (https://sourceforge.net/p/mcj/tickets/73/): A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into ge format.
CVE-2020-21682 (https://sourceforge.net/p/mcj/tickets/72/): A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into ge format.
CVE-2020-21683 (https://sourceforge.net/p/mcj/tickets/77/): A global buffer overflow in the shade_or_tint_name_after_declare_color component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pstricks format.
CVE-2020-21684 (https://sourceforge.net/p/mcj/tickets/75/): A global buffer overflow in the put_font component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pict2e format.
All upstream bug reports are closed with references to commits. As with bug 718806 and bug 753962, transfig may be vulnerable too.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a48d4e4bce4431bd68ead902a4042e9877c9ff6

commit 2a48d4e4bce4431bd68ead902a4042e9877c9ff6
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-08-27 12:54:45 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-08-27 15:29:37 +0000

media-gfx/xfig: Version bump to 3.2.8b

* Bump to EAPI=8
* Move media-libs/netpbm from DEPEND/RDEPEND to optfeature
* Remove unneeded dependencies: x11-libs/libXaw, x11-libs/libXi
* Add needed dependencies: media-libs/tiff, x11-libs/libX11, x11-libs/libXpm
* Remove IUSE="jpeg" and IUSE="postscript", as they're always enabled upstream now.
* Remove IUSE="nls" and add (+) to x11-libs/libXaw3d's unicode USE-dep
* Switch from virtual/jpeg to media-libs/libjpeg-turbo
* Add patch to build with -lflto

Bug: https://bugs.gentoo.org/807784
Closes: https://bugs.gentoo.org/761424
Signed-off-by: Matt Turner <mattst88@gentoo.org>

media-gfx/xfig/Manifest | 1 +
.../files/xfig-3.2.8b-Fix-build-with-flto.patch | 62 ++++++++++++++++++++++
.../xfig/files/xfig-3.2.8b-app-defaults.patch | 14 +++++
media-gfx/xfig/xfig-3.2.8b.ebuild | 52 ++++++++++++++++++
4 files changed, 129 insertions(+)
Looks like all of these issues are in fig2dev and not xfig itself. Thanks Matt for confirming!