CVE-2020-21684

Name of the Vulnerable Software and Affected Versions fig2dev version 3.2.7b

Description The issue is related to a global buffer overflow in the put font function of the genpict2e.c component in the fig2dev utility. This occurs when converting a xfig file into pict2e format without proper input validation, allowing a remote attacker to cause a denial of service (DOS).

Recommendations For fig2dev version 3.2.7b, consider disabling the put font function in genpict2e.c until a patch is available to prevent exploitation. Restrict the conversion of xfig files to pict2e format to minimize the risk of a denial of service attack.