Headline
CVE-2021-37530: Xfig / Tickets
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
System info
Ubuntu 16.04 xenial, gcc (Ubuntu 5.5.0-12ubuntu1), fig2dev (latest master a4c6e1)
****Command line****
./fig2dev -L pdf -G .25:1cm -j -m 2 -N -P -x 3 -y 4 @@ /dev/null
Output
An open rectangle at line 14 - close it. A rectangle with 5 corners at line 14 - convert to a polygon. [1] 13064 segmentation fault ~/AlphaFuzz-Experiment/projects/baseline0711/afl-fig2dev/fuzz_bin/fig2dev -L
AddressSanitizer output
An open rectangle at line 14 - close it. A rectangle with 5 corners at line 14 - convert to a polygon. ASAN:SIGSEGV ================================================================= ==6829==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000051a094 bp 0x7fff3739baa0 sp 0x7fff3739b8f0 T0) #0 0x51a093 in open_stream /home/qiuhongjun/AlphaFuzz-Experiment/programs/programs-asan/fig2dev/fig2dev/dev/readpics.c:215 #1 0x4b2aa8 in genps_line /home/qiuhongjun/AlphaFuzz-Experiment/programs/programs-asan/fig2dev/fig2dev/dev/genps.c:1672 #2 0x412a7d in gendev_objects /home/qiuhongjun/AlphaFuzz-Experiment/programs/programs-asan/fig2dev/fig2dev/fig2dev.c:1008 #3 0x411481 in main /home/qiuhongjun/AlphaFuzz-Experiment/programs/programs-asan/fig2dev/fig2dev/fig2dev.c:485 #4 0x7f25954e683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #5 0x4032f8 in _start (/home/qiuhongjun/AlphaFuzz-Experiment/results/crashes-binary/gcc-asan/fig2dev/fig2dev+0x4032f8)
AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/qiuhongjun/AlphaFuzz-Experiment/programs/programs-asan/fig2dev/fig2dev/dev/readpics.c:215 open_stream ==6829==ABORTING