transfig-3.2.8a-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11472 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z transfig-3.2.8a-5.1 on GA media These are all security issues fixed in the transfig-3.2.8a-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11472 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11472 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-16899/ SUSE CVE CVE-2017-16899 page https://www.suse.com/security/cve/CVE-2018-16140/ SUSE CVE CVE-2018-16140 page https://www.suse.com/security/cve/CVE-2019-14275/ SUSE CVE CVE-2019-14275 page https://www.suse.com/security/cve/CVE-2019-19555/ SUSE CVE CVE-2019-19555 page https://www.suse.com/security/cve/CVE-2019-19746/ SUSE CVE CVE-2019-19746 page https://www.suse.com/security/cve/CVE-2019-19797/ SUSE CVE CVE-2019-19797 page https://www.suse.com/security/cve/CVE-2020-21680/ SUSE CVE CVE-2020-21680 page https://www.suse.com/security/cve/CVE-2020-21681/ SUSE CVE CVE-2020-21681 page https://www.suse.com/security/cve/CVE-2020-21682/ SUSE CVE CVE-2020-21682 page https://www.suse.com/security/cve/CVE-2020-21683/ SUSE CVE CVE-2020-21683 page https://www.suse.com/security/cve/CVE-2021-3561/ SUSE CVE CVE-2021-3561 page openSUSE Tumbleweed transfig-3.2.8a-5.1 transfig-3.2.8a-5.1 as a component of openSUSE Tumbleweed An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. CVE-2017-16899 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16899.html CVE-2017-16899 https://bugzilla.suse.com/1069257 SUSE Bug 1069257 A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. CVE-2018-16140 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16140.html CVE-2018-16140 https://bugzilla.suse.com/1106531 SUSE Bug 1106531 Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. CVE-2019-14275 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14275.html CVE-2019-14275 https://bugzilla.suse.com/1143650 SUSE Bug 1143650 read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. CVE-2019-19555 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19555.html CVE-2019-19555 https://bugzilla.suse.com/1161698 SUSE Bug 1161698 make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. CVE-2019-19746 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19746.html CVE-2019-19746 https://bugzilla.suse.com/1159130 SUSE Bug 1159130 read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. CVE-2019-19797 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19797.html CVE-2019-19797 https://bugzilla.suse.com/1159293 SUSE Bug 1159293 A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. CVE-2020-21680 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21680.html CVE-2020-21680 https://bugzilla.suse.com/1189343 SUSE Bug 1189343 A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. CVE-2020-21681 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21681.html CVE-2020-21681 https://bugzilla.suse.com/1189345 SUSE Bug 1189345 A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. CVE-2020-21682 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21682.html CVE-2020-21682 https://bugzilla.suse.com/1189346 SUSE Bug 1189346 A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. CVE-2020-21683 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21683.html CVE-2020-21683 https://bugzilla.suse.com/1189325 SUSE Bug 1189325 An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. CVE-2021-3561 openSUSE Tumbleweed:transfig-3.2.8a-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3561.html CVE-2021-3561 https://bugzilla.suse.com/1186329 SUSE Bug 1186329