Summaryinfo

A vulnerability, which was classified as critical, was found in fig2dev 3.2.7b. Affected is the function put_arrow of the file genpict2e.c of the component pict2e File Handler. The manipulation leads to stack-based overflow. This vulnerability is traded as CVE-2020-21680. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in fig2dev 3.2.7b. This issue affects the function put_arrow of the file genpict2e.c of the component pict2e File Handler. The manipulation with an unknown input leads to a stack-based overflow vulnerability. Using CWE to declare the problem leads to CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Impacted is availability.

The weakness was released 08/11/2021. It is possible to read the advisory at sourceforge.net. The identification of this vulnerability is CVE-2020-21680. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 240492 (Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Fig2dev vulnerabilities (USN-7587-1)), which helps to determine the existence of the flaw in a target environment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Tenable (240492). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• fig2dev

Version

• 3.2.7b

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion