Bug 1992780 (CVE-2020-21680) - CVE-2020-21680 transfig: A stack-based buffer overflow in the put_arrow() component in genpict2e.c could result in a denial of service
Summary: CVE-2020-21680 transfig: A stack-based buffer overflow in the put_arrow() com...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-21680
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1998305 1998306
Blocks: 1992794
TreeView+ depends on / blocked
 
Reported: 2021-08-11 18:03 UTC by Michael Kaplan
Modified: 2023-12-13 13:37 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-12-13 13:37:03 UTC
Embargoed:


Attachments (Terms of Use)

Description Michael Kaplan 2021-08-11 18:03:41 UTC
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

Reference:

https://sourceforge.net/p/mcj/tickets/74/

Comment 1 Garrett Tucker 2021-08-26 19:26:14 UTC
The stack buffer overflow affects all RHEL Versions and is due to how arrow heads with lengths of zero are drawn. They were originally drawn secant to the arc. This was detected but caused the program to return in an improper way with an invalid value set. The invalid value allowed for illegal access of an array which in turn led to the stack buffer overflow. This is fixed in the following patch: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/


Note You need to log in before you can comment on or make changes to this bug.