Headline
Ubuntu Security Notice USN-5864-1
Ubuntu Security Notice 5864-1 - Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
==========================================================================Ubuntu Security Notice USN-5864-1February 13, 2023fig2dev vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Fig2dev.Software Description:- fig2dev: Utilities for converting XFig figure filesDetails:Frederic Cambus discovered that Fig2dev incorrectly handled certain imagefiles. If a user or an automated system were tricked into opening a certainspecially crafted input file, a remote attacker could possibly use this issueto cause a denial of service. This issue only affected Ubuntu 18.04 LTS.(CVE-2019-14275)It was discovered that Fig2dev incorrectly handled certain image files. Ifa user or an automated system were tricked into opening a certain speciallycrafted input file, a remote attacker could possibly use this issue to causea denial of service. (CVE-2019-19555, CVE-2019-19797, CVE-2020-21529,CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533,CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676,CVE-2021-3561)It was discovered that Fig2dev incorrectly handled certain image files. Ifa user or an automated system were tricked into opening a certain speciallycrafted input file, a remote attacker could possibly use this issue to causea denial of service. (CVE-2021-32280)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS: fig2dev 1:3.2.7a-7ubuntu0.1Ubuntu 18.04 LTS: fig2dev 1:3.2.6a-6ubuntu1.1 transfig 1:3.2.6a-6ubuntu1.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5864-1 CVE-2019-14275, CVE-2019-19555, CVE-2019-19797, CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676, CVE-2021-32280, CVE-2021-3561Package Information: https://launchpad.net/ubuntu/+source/fig2dev/1:3.2.7a-7ubuntu0.1 https://launchpad.net/ubuntu/+source/fig2dev/1:3.2.6a-6ubuntu1.1Related news
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.