Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 807784 (CVE-2020-21675, CVE-2020-21676, CVE-2020-21678, CVE-2020-21680, CVE-2020-21681, CVE-2020-21682, CVE-2020-21683, CVE-2020-21684) - media-gfx/xfig: multiple vulnerabilities (CVE-2020-{21675,21676,21678,21680,21681,21682,21683,21684})
Summary: media-gfx/xfig: multiple vulnerabilities (CVE-2020-{21675,21676,21678,21680,2...
Status: RESOLVED INVALID
Alias: CVE-2020-21675, CVE-2020-21676, CVE-2020-21678, CVE-2020-21680, CVE-2020-21681, CVE-2020-21682, CVE-2020-21683, CVE-2020-21684
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-12 03:55 UTC by John Helmert III
Modified: 2022-08-27 22:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-12 03:55:14 UTC
CVE-2020-21675 (https://sourceforge.net/p/mcj/tickets/78/):

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

CVE-2020-21676 (https://sourceforge.net/p/mcj/tickets/76/):

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

CVE-2020-21678 (https://sourceforge.net/p/mcj/tickets/71/):

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.

CVE-2020-21680 (https://sourceforge.net/p/mcj/tickets/74/):

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

CVE-2020-21681 (https://sourceforge.net/p/mcj/tickets/73/):

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

CVE-2020-21682 (https://sourceforge.net/p/mcj/tickets/72/):

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

CVE-2020-21683 (https://sourceforge.net/p/mcj/tickets/77/):

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

CVE-2020-21684 (https://sourceforge.net/p/mcj/tickets/75/):

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.


All upstream bug reports are closed with references to commits. As with bug
718806 and bug 753962, transfig may be vulnerable too.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-27 15:29:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a48d4e4bce4431bd68ead902a4042e9877c9ff6

commit 2a48d4e4bce4431bd68ead902a4042e9877c9ff6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-08-27 12:54:45 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-08-27 15:29:37 +0000

    media-gfx/xfig: Version bump to 3.2.8b
    
    * Bump to EAPI=8
    * Move media-libs/netpbm from DEPEND/RDEPEND to optfeature
    * Remove unneeded dependencies: x11-libs/libXaw, x11-libs/libXi
    * Add needed dependencies: media-libs/tiff, x11-libs/libX11, x11-libs/libXpm
    * Remove IUSE="jpeg" and IUSE="postscript", as they're always enabled
      upstream now.
    * Remove IUSE="nls" and add (+) to x11-libs/libXaw3d's unicode USE-dep
    * Switch from virtual/jpeg to media-libs/libjpeg-turbo
    * Add patch to build with -lflto
    
    Bug: https://bugs.gentoo.org/807784
    Closes: https://bugs.gentoo.org/761424
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 media-gfx/xfig/Manifest                            |  1 +
 .../files/xfig-3.2.8b-Fix-build-with-flto.patch    | 62 ++++++++++++++++++++++
 .../xfig/files/xfig-3.2.8b-app-defaults.patch      | 14 +++++
 media-gfx/xfig/xfig-3.2.8b.ebuild                  | 52 ++++++++++++++++++
 4 files changed, 129 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-27 22:06:37 UTC
Looks like all of these issues are in fig2dev and not xfig itself. Thanks Matt for confirming!