SUSE-SU-2021:14823-1 - Vulnerability-Lookup

SUSE-SU-2021:14823-1

Vulnerability from csaf_suse - Published: 2021-10-06 14:42 - Updated: 2021-10-06 14:42

Summary

Security update for transfig

Severity

Important

Notes

Title of the patch: Security update for transfig

Description of the patch: This update for transfig fixes the following issues: - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - Do hardening via compile and linker flags - Fixed last added upstream commit (boo#1136882)

Patchnames: sleposp3-transfig-14823,slessp4-transfig-14823

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2019-14275

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-19555

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-19746

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-19797

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2020-21680

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2020-21681

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2020-21682

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2020-21683

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2021-3561

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1136882	self
	https://bugzilla.suse.com/1143650	self
	https://bugzilla.suse.com/1159130	self
	https://bugzilla.suse.com/1159293	self
	https://bugzilla.suse.com/1161698	self
	https://bugzilla.suse.com/1186329	self
	https://bugzilla.suse.com/1189325	self
	https://bugzilla.suse.com/1189343	self
	https://bugzilla.suse.com/1189345	self
	https://bugzilla.suse.com/1189346	self
	https://www.suse.com/security/cve/CVE-2019-14275/	self
	https://www.suse.com/security/cve/CVE-2019-19555/	self
	https://www.suse.com/security/cve/CVE-2019-19746/	self
	https://www.suse.com/security/cve/CVE-2019-19797/	self
	https://www.suse.com/security/cve/CVE-2020-21680/	self
	https://www.suse.com/security/cve/CVE-2020-21681/	self
	https://www.suse.com/security/cve/CVE-2020-21682/	self
	https://www.suse.com/security/cve/CVE-2020-21683/	self
	https://www.suse.com/security/cve/CVE-2021-3561/	self
	https://www.suse.com/security/cve/CVE-2019-14275	external
	https://bugzilla.suse.com/1143650	external
	https://www.suse.com/security/cve/CVE-2019-19555	external
	https://bugzilla.suse.com/1161698	external
	https://www.suse.com/security/cve/CVE-2019-19746	external
	https://bugzilla.suse.com/1159130	external
	https://www.suse.com/security/cve/CVE-2019-19797	external
	https://bugzilla.suse.com/1159293	external
	https://www.suse.com/security/cve/CVE-2020-21680	external
	https://bugzilla.suse.com/1189343	external
	https://www.suse.com/security/cve/CVE-2020-21681	external
	https://bugzilla.suse.com/1189345	external
	https://www.suse.com/security/cve/CVE-2020-21682	external
	https://bugzilla.suse.com/1189346	external
	https://www.suse.com/security/cve/CVE-2020-21683	external
	https://bugzilla.suse.com/1189325	external
	https://www.suse.com/security/cve/CVE-2021-3561	external
	https://bugzilla.suse.com/1186329	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for transfig",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for transfig fixes the following issues:\n\n- CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).\n- CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293).\n- CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).\n- CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).\n- CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650).\n- CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).\n- CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345).\n- CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346).\n- CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).\n\n- Do hardening via compile and linker flags \n- Fixed last added upstream commit (boo#1136882)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-transfig-14823,slessp4-transfig-14823",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14823-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:14823-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114823-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:14823-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009541.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1136882",
        "url": "https://bugzilla.suse.com/1136882"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1143650",
        "url": "https://bugzilla.suse.com/1143650"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1159130",
        "url": "https://bugzilla.suse.com/1159130"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1159293",
        "url": "https://bugzilla.suse.com/1159293"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1161698",
        "url": "https://bugzilla.suse.com/1161698"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186329",
        "url": "https://bugzilla.suse.com/1186329"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189325",
        "url": "https://bugzilla.suse.com/1189325"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189343",
        "url": "https://bugzilla.suse.com/1189343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189345",
        "url": "https://bugzilla.suse.com/1189345"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189346",
        "url": "https://bugzilla.suse.com/1189346"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14275 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14275/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19555 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19555/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19746 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19746/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19797 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19797/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-21680 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-21680/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-21681 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-21681/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-21682 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-21682/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-21683 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-21683/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3561 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3561/"
      }
    ],
    "title": "Security update for transfig",
    "tracking": {
      "current_release_date": "2021-10-06T14:42:40Z",
      "generator": {
        "date": "2021-10-06T14:42:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:14823-1",
      "initial_release_date": "2021-10-06T14:42:40Z",
      "revision_history": [
        {
          "date": "2021-10-06T14:42:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "transfig-3.2.8a-1.160.13.1.i586",
                "product": {
                  "name": "transfig-3.2.8a-1.160.13.1.i586",
                  "product_id": "transfig-3.2.8a-1.160.13.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "transfig-3.2.8a-1.160.13.1.ppc64",
                "product": {
                  "name": "transfig-3.2.8a-1.160.13.1.ppc64",
                  "product_id": "transfig-3.2.8a-1.160.13.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "transfig-3.2.8a-1.160.13.1.s390x",
                "product": {
                  "name": "transfig-3.2.8a-1.160.13.1.s390x",
                  "product_id": "transfig-3.2.8a-1.160.13.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "transfig-3.2.8a-1.160.13.1.x86_64",
                "product": {
                  "name": "transfig-3.2.8a-1.160.13.1.x86_64",
                  "product_id": "transfig-3.2.8a-1.160.13.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "transfig-3.2.8a-1.160.13.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586"
        },
        "product_reference": "transfig-3.2.8a-1.160.13.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "transfig-3.2.8a-1.160.13.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586"
        },
        "product_reference": "transfig-3.2.8a-1.160.13.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "transfig-3.2.8a-1.160.13.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64"
        },
        "product_reference": "transfig-3.2.8a-1.160.13.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "transfig-3.2.8a-1.160.13.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x"
        },
        "product_reference": "transfig-3.2.8a-1.160.13.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "transfig-3.2.8a-1.160.13.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        },
        "product_reference": "transfig-3.2.8a-1.160.13.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14275",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14275"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14275",
          "url": "https://www.suse.com/security/cve/CVE-2019-14275"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143650 for CVE-2019-14275",
          "url": "https://bugzilla.suse.com/1143650"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14275"
    },
    {
      "cve": "CVE-2019-19555",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19555"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19555",
          "url": "https://www.suse.com/security/cve/CVE-2019-19555"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1161698 for CVE-2019-19555",
          "url": "https://bugzilla.suse.com/1161698"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19555"
    },
    {
      "cve": "CVE-2019-19746",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19746"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19746",
          "url": "https://www.suse.com/security/cve/CVE-2019-19746"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159130 for CVE-2019-19746",
          "url": "https://bugzilla.suse.com/1159130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19746"
    },
    {
      "cve": "CVE-2019-19797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19797",
          "url": "https://www.suse.com/security/cve/CVE-2019-19797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159293 for CVE-2019-19797",
          "url": "https://bugzilla.suse.com/1159293"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19797"
    },
    {
      "cve": "CVE-2020-21680",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-21680"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-21680",
          "url": "https://www.suse.com/security/cve/CVE-2020-21680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189343 for CVE-2020-21680",
          "url": "https://bugzilla.suse.com/1189343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-21680"
    },
    {
      "cve": "CVE-2020-21681",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-21681"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-21681",
          "url": "https://www.suse.com/security/cve/CVE-2020-21681"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189345 for CVE-2020-21681",
          "url": "https://bugzilla.suse.com/1189345"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-21681"
    },
    {
      "cve": "CVE-2020-21682",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-21682"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-21682",
          "url": "https://www.suse.com/security/cve/CVE-2020-21682"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189346 for CVE-2020-21682",
          "url": "https://bugzilla.suse.com/1189346"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-21682"
    },
    {
      "cve": "CVE-2020-21683",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-21683"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-21683",
          "url": "https://www.suse.com/security/cve/CVE-2020-21683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189325 for CVE-2020-21683",
          "url": "https://bugzilla.suse.com/1189325"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-21683"
    },
    {
      "cve": "CVE-2021-3561",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3561"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3561",
          "url": "https://www.suse.com/security/cve/CVE-2021-3561"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186329 for CVE-2021-3561",
          "url": "https://bugzilla.suse.com/1186329"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:transfig-3.2.8a-1.160.13.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-06T14:42:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3561"
    }
  ]
}

CVE-2020-21681 (GCVE-0-2020-21681)

Vulnerability from cvelistv5 – Published: 2021-08-10 20:19 – Updated: 2024-08-04 14:30

Summary

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://sourceforge.net/p/mcj/tickets/73/

x_refsource_MISC

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/73/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-10T20:19:42.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/73/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/73/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/73/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21681",
    "datePublished": "2021-08-10T20:19:42.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:30:33.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-21680 (GCVE-0-2020-21680)

Vulnerability from cvelistv5 – Published: 2021-08-10 20:19 – Updated: 2024-08-04 14:30

Summary

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://sourceforge.net/p/mcj/tickets/74/

x_refsource_MISC

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/74/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-10T20:19:42.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/74/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/74/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/74/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21680",
    "datePublished": "2021-08-10T20:19:42.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:30:33.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19746 (GCVE-0-2019-19746)

Vulnerability from cvelistv5 – Published: 2019-12-12 02:22 – Updated: 2024-08-05 02:25

Summary

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://sourceforge.net/p/mcj/tickets/57/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/57/"
          },
          {
            "name": "FEDORA-2020-6a2824178e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
          },
          {
            "name": "FEDORA-2020-5d0f0593ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-25T08:06:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/57/"
        },
        {
          "name": "FEDORA-2020-6a2824178e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
        },
        {
          "name": "FEDORA-2020-5d0f0593ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19746",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/57/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/57/"
            },
            {
              "name": "FEDORA-2020-6a2824178e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
            },
            {
              "name": "FEDORA-2020-5d0f0593ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19746",
    "datePublished": "2019-12-12T02:22:33.000Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:25:12.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19797 (GCVE-0-2019-19797)

Vulnerability from cvelistv5 – Published: 2019-12-15 19:53 – Updated: 2024-08-05 02:25

Summary

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://sourceforge.net/p/mcj/tickets/67/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/67/"
          },
          {
            "name": "FEDORA-2020-6a2824178e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
          },
          {
            "name": "FEDORA-2020-5d0f0593ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
          },
          {
            "name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-04T11:06:29.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/67/"
        },
        {
          "name": "FEDORA-2020-6a2824178e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
        },
        {
          "name": "FEDORA-2020-5d0f0593ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
        },
        {
          "name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/67/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/67/"
            },
            {
              "name": "FEDORA-2020-6a2824178e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/"
            },
            {
              "name": "FEDORA-2020-5d0f0593ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/"
            },
            {
              "name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19797",
    "datePublished": "2019-12-15T19:53:41.000Z",
    "dateReserved": "2019-12-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:25:12.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14275 (GCVE-0-2019-14275)

Vulnerability from cvelistv5 – Published: 2019-07-26 03:16 – Updated: 2024-08-05 00:12

Summary

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://sourceforge.net/p/mcj/tickets/52/	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:43.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/52/"
          },
          {
            "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
          },
          {
            "name": "openSUSE-SU-2020:1702",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2020:1843",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T00:06:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/52/"
        },
        {
          "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
        },
        {
          "name": "openSUSE-SU-2020:1702",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2020:1843",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/52/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/52/"
            },
            {
              "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
            },
            {
              "name": "openSUSE-SU-2020:1702",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2020:1843",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14275",
    "datePublished": "2019-07-26T03:16:12.000Z",
    "dateReserved": "2019-07-25T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:12:43.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3561 (GCVE-0-2021-3561)

Vulnerability from cvelistv5 – Published: 2021-05-26 21:27 – Updated: 2024-08-03 17:01

Summary

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Severity ?

No CVSS data available.

CWE

CWE-119

Assigner

redhat

References

URL

Tags

	https://sourceforge.net/p/mcj/tickets/116/	x_refsource_MISC
	https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1955675	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	fig2dev	Affected: fig2dev 3.2.8a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/116/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675"
          },
          {
            "name": "FEDORA-2021-dab56300b1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/"
          },
          {
            "name": "FEDORA-2021-b71f405f40",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/"
          },
          {
            "name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fig2dev",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "fig2dev 3.2.8a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-04T11:06:40.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/116/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675"
        },
        {
          "name": "FEDORA-2021-dab56300b1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/"
        },
        {
          "name": "FEDORA-2021-b71f405f40",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/"
        },
        {
          "name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3561",
    "datePublished": "2021-05-26T21:27:36.000Z",
    "dateReserved": "2021-05-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:08.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-21683 (GCVE-0-2020-21683)

Vulnerability from cvelistv5 – Published: 2021-08-10 20:19 – Updated: 2024-08-04 14:30

Summary

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://sourceforge.net/p/mcj/tickets/77/

x_refsource_MISC

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/77/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-10T20:19:40.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/77/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/77/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/77/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21683",
    "datePublished": "2021-08-10T20:19:40.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:30:33.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-21682 (GCVE-0-2020-21682)

Vulnerability from cvelistv5 – Published: 2021-08-10 20:19 – Updated: 2024-08-04 14:30

Summary

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://sourceforge.net/p/mcj/tickets/72/

x_refsource_MISC

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/72/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-10T20:19:41.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/72/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/72/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/72/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21682",
    "datePublished": "2021-08-10T20:19:41.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:30:33.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19555 (GCVE-0-2019-19555)

Vulnerability from cvelistv5 – Published: 2019-12-04 16:19 – Updated: 2024-08-05 02:16

Summary

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://sourceforge.net/p/mcj/tickets/55/	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/mcj/tickets/55/"
          },
          {
            "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/mcj/tickets/55/"
        },
        {
          "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19555",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/mcj/tickets/55/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/mcj/tickets/55/"
            },
            {
              "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19555",
    "datePublished": "2019-12-04T16:19:22.000Z",
    "dateReserved": "2019-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:48.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.