Bug 1992780 (CVE-2020-21680)
Summary: | CVE-2020-21680 transfig: A stack-based buffer overflow in the put_arrow() component in genpict2e.c could result in a denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | databases-maint, hhorak, kasal, mschorm, pkubat |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-12-13 13:37:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1998305, 1998306 | ||
Bug Blocks: | 1992794 |
Description
Michael Kaplan
2021-08-11 18:03:41 UTC
The stack buffer overflow affects all RHEL Versions and is due to how arrow heads with lengths of zero are drawn. They were originally drawn secant to the arc. This was detected but caused the program to return in an improper way with an invalid value set. The invalid value allowed for illegal access of an array which in turn led to the stack buffer overflow. This is fixed in the following patch: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ |