CVE-2020-21682

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions fig2dev version 3.2.7b

Description A global buffer overflow in the set fill component in genge.c of fig2dev allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. This issue is related to the lack of input validation when copying data to a buffer, which can be exploited by a remote attacker.

Recommendations For fig2dev version 3.2.7b, consider disabling the set fill component in genge.c as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the genge.c module to minimize the risk of denial of service attacks. Avoid converting xfig files to ge format using the affected version of fig2dev until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2022-02093

CVE-2020-21682

OPENSUSE-SU-2021:1439-1

OPENSUSE-SU-2021:1458-1

OPENSUSE-SU-2021:1481-1

OPENSUSE-SU-2021:3584-1

OPENSUSE-SU-2021_1439-1

OPENSUSE-SU-2021_3584-1

OPENSUSE-SU-2024:11472-1

SUSE-SU-2021:14823-1

SUSE-SU-2021:3124-1

SUSE-SU-2021:3584-1

SUSE-SU-2021_14823-1

USN-7587-1

Affected Products

Linuxmint

Suse

Ubuntu

Fig2Dev

CVE-2020-21682

Weakness Enumeration

Related Identifiers

Affected Products

References · 71