Headline
CVE-2021-32280: Xfig / Tickets / #107 A Segmentation fault in trans_spline.c
An issue was discovered in fig2dev before 3.2.8… A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
System info
Ubuntu x86_64, clang 6.0, fig2dev (latest master 3a578b)
Configure
CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
Command line
./fig2dev/fig2dev -L pdf -G .25:1cm -j -m 2 -N -P -x 3 -y 4 @@ /dev/null
AddressSanitizer output
AddressSanitizer:DEADLYSIGNAL
=================================================================
==52196==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000054d8d6 bp 0x0ff24e6480f7 sp 0x7ffd3a3d31a0 T0)
==52196==The signal is caused by a READ memory access.
==52196==Hint: address points to the zero page.
    #0 0x54d8d5 in compute_closed_spline /home/seviezhou/fig2dev/fig2dev/trans_spline.c
    #1 0x54e1b8 in create_line_with_spline /home/seviezhou/fig2dev/fig2dev/trans_spline.c:495:29
    #2 0x541fb7 in read_splineobject /home/seviezhou/fig2dev/fig2dev/read.c:1360:10
    #3 0x538e22 in read_objects /home/seviezhou/fig2dev/fig2dev/read.c:419:16
    #4 0x538e22 in readfp_fig /home/seviezhou/fig2dev/fig2dev/read.c:151
    #5 0x5369eb in read_fig /home/seviezhou/fig2dev/fig2dev/read.c:123:10
    #6 0x52c27e in main /home/seviezhou/fig2dev/fig2dev/fig2dev.c:423:12
    #7 0x7f92718bfb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/…/csu/libc-start.c:310
    #8 0x41b6f9 in _start (/home/seviezhou/fig2dev/fig2dev/fig2dev+0x41b6f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/seviezhou/fig2dev/fig2dev/trans_spline.c in compute_closed_spline
==52196==ABORTING
Related news
Ubuntu Security Notice 5864-1 - Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.