transfig-3.2.8b-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11595-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z transfig-3.2.8b-2.1 on GA media These are all security issues fixed in the transfig-3.2.8b-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11595 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-21529/ SUSE CVE CVE-2020-21529 page https://www.suse.com/security/cve/CVE-2020-21530/ SUSE CVE CVE-2020-21530 page https://www.suse.com/security/cve/CVE-2020-21531/ SUSE CVE CVE-2020-21531 page https://www.suse.com/security/cve/CVE-2020-21532/ SUSE CVE CVE-2020-21532 page https://www.suse.com/security/cve/CVE-2020-21533/ SUSE CVE CVE-2020-21533 page https://www.suse.com/security/cve/CVE-2020-21534/ SUSE CVE CVE-2020-21534 page https://www.suse.com/security/cve/CVE-2020-21535/ SUSE CVE CVE-2020-21535 page https://www.suse.com/security/cve/CVE-2021-32280/ SUSE CVE CVE-2021-32280 page openSUSE Tumbleweed transfig-3.2.8b-2.1 transfig-3.2.8b-2.1 as a component of openSUSE Tumbleweed fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE-2020-21529 openSUSE Tumbleweed:transfig-3.2.8b-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21529.html CVE-2020-21529 https://bugzilla.suse.com/1190618 SUSE Bug 1190618 fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. CVE-2020-21530 openSUSE Tumbleweed:transfig-3.2.8b-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21530.html CVE-2020-21530 https://bugzilla.suse.com/1190615 SUSE Bug 1190615 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE-2020-21531 openSUSE Tumbleweed:transfig-3.2.8b-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21531.html CVE-2020-21531 https://bugzilla.suse.com/1190617 SUSE Bug 1190617 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE-2020-21532 openSUSE Tumbleweed:transfig-3.2.8b-2.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21532.html CVE-2020-21532 https://bugzilla.suse.com/1190616 SUSE Bug 1190616 fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. CVE-2020-21533 openSUSE Tumbleweed:transfig-3.2.8b-2.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21533.html CVE-2020-21533 https://bugzilla.suse.com/1190612 SUSE Bug 1190612 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. CVE-2020-21534 openSUSE Tumbleweed:transfig-3.2.8b-2.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21534.html CVE-2020-21534 https://bugzilla.suse.com/1190611 SUSE Bug 1190611 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. CVE-2020-21535 openSUSE Tumbleweed:transfig-3.2.8b-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-21535.html CVE-2020-21535 https://bugzilla.suse.com/1190607 SUSE Bug 1190607 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. CVE-2021-32280 openSUSE Tumbleweed:transfig-3.2.8b-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-32280.html CVE-2021-32280 https://bugzilla.suse.com/1192019 SUSE Bug 1192019