A flaw was found in fig2dev version 3.2.8a. A heap buffer overflow in the function gensvg_text in gensvg.c may cause memory corruption and other potential consequences.
Upstream bug: https://sourceforge.net/p/mcj/tickets/113/
Upstream fix: https://sourceforge.net/p/mcj/fig2dev/ci/f8ce1ff8837056b12c046f56e3b5248b2c8eeaa1/
This is a buffer over-read and not a buffer over-write according to the ASAN log, so it is a much lower-impact bug. No memory corruption can occur just by reading the memory, unless something else is done later.