Vulnerability Details CVE-2020-21676
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.8%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://cwe.mitre.org/data/definitions/121.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00044.html
- https://sourceforge.net/p/mcj/tickets/76/
- https://cwe.mitre.org/data/definitions/121.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00044.html
- https://sourceforge.net/p/mcj/tickets/76/
Products affected by CVE-2020-21676
-
cpe:2.3:a:fig2dev_project:fig2dev:3.2.7b
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0