Bug 2006516 (CVE-2021-32280)

Summary: CVE-2021-32280 transfig: NULL pointer dereference in compute_closed_spline() in trans_spline.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability Assignee: Nobody <nobody>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified CC: databases-maint, hhorak, kasal, mschorm, pkubat, zmiklank
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: transfig 3.2.8 Doc Type: If docs needed, set a value
Doc Text:
The transfig package is susceptible to a NULL pointer dereference on crafted input. While translating fig code, patterns which include incomplete closed splines lead to this software flaw. The highest threat from this vulnerability is availability.
Last Closed: 2023-12-13 13:39:49 UTC Type: ---
Bug Depends On: 2006517, 2006830, 2006831    
Bug Blocks: 2006518    

Description Guilherme de Almeida Suckevicz 2021-09-21 18:42:47 UTC
An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.

Reference:
https://sourceforge.net/p/mcj/tickets/107/

Comment 1 Guilherme de Almeida Suckevicz 2021-09-21 18:43:00 UTC
Created transfig tracking bugs for this issue:

Affects: fedora-all [bug 2006517]