CVE-2020-21678

Name of the Vulnerable Software and Affected Versions fig2dev version 3.2.7b

Description A global buffer overflow in the genmp writefontmacro latex component in genmp.c of fig2dev allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. The vulnerability is related to the lack of input validation when copying data to a buffer, which can be exploited by a remote attacker to disrupt service.

Recommendations For fig2dev version 3.2.7b, consider disabling the genmp writefontmacro latex function until a patch is available to prevent potential denial of service attacks. Restrict access to the genmp.c component to minimize the risk of exploitation. Avoid using the genmp writefontmacro latex component when converting xfig files to mp format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.