PT-2021-6493 · Fig2Dev+4 · Fig2Dev+4

Suhwan Song

Published

2021-09-16

Updated

2024-06-15

CVE-2020-21532

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions fig2dev version 3.2.7b

Description The issue is related to a global buffer overflow in the setfigfont function in genepic.c. This overflow is caused by copying a buffer without checking the input data, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For fig2dev version 3.2.7b, consider disabling the setfigfont function in genepic.c as a temporary workaround until a patch is available. Restrict access to the genepic.c component to minimize the risk of exploitation. Avoid using the fig2dev utility with untrusted input files until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2022-01743

CVE-2020-21532

DLA-2778-1

DLA-3304-1

OPENSUSE-SU-2021:1439-1

OPENSUSE-SU-2021:1458-1

OPENSUSE-SU-2021:1481-1

OPENSUSE-SU-2021:3584-1

OPENSUSE-SU-2021_1439-1

OPENSUSE-SU-2021_3584-1

OPENSUSE-SU-2024:11595-1

SUSE-SU-2021:14836-1

SUSE-SU-2021:3584-1

SUSE-SU-2021:3585-1

SUSE-SU-2021_14836-1

USN-5864-1

Affected Products

Astra Linux

Linuxmint

Suse

Ubuntu

Fig2Dev

PT-2021-6493 · Fig2Dev+4 · Fig2Dev+4

CVE-2020-21532

Weakness Enumeration

Related Identifiers

Affected Products

References · 71