1955664 – fig2dev: Heap-buffer-overflow in gensvg.c in function gensvg_text

Bug 1955664 - fig2dev: Heap-buffer-overflow in gensvg.c in function gensvg_text

Summary: fig2dev: Heap-buffer-overflow in gensvg.c in function gensvg_text

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1955678
TreeView+	depends on / blocked

Reported:	2021-04-30 15:55 UTC by Pedro Sampaio
Modified:	2021-05-20 13:29 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-20 13:28:44 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-04-30 15:55:10 UTC

A flaw was found in fig2dev Version 3.2.8a. A heap buffer overflow in function gensvg_text in gensvg.c may cause memory corruption and other potential consequences.

Upstream bug:

https://sourceforge.net/p/mcj/tickets/113/

Upstream fix:

https://sourceforge.net/p/mcj/fig2dev/ci/f8ce1ff8837056b12c046f56e3b5248b2c8eeaa1/

Comment 1 Riccardo Schirone 2021-05-12 13:13:25 UTC

This is a buffer over-read and not a buffer over-write according to the ASAN log, so it is a much lower impact as a bug. No memory corruption can occur just by reading the memory, unless something else is done later.

Note You need to log in before you can comment on or make changes to this bug.