Candidate: CVE-2021-3561
PublicDate: 2021-05-26 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561
 https://sourceforge.net/p/mcj/tickets/116/
 https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
 https://bugzilla.redhat.com/show_bug.cgi?id=1955675
Description:
 An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds
 check in read_objects() could allow an attacker to provide a crafted
 malicious input causing the application to either crash or in some cases
 cause memory corruption. The highest threat from this vulnerability is to
 integrity as well as system availability.
Ubuntu-Description:
Notes:
 leosilva> shipped fig2dev into transfig for xenial and trusty has not the code affected
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H [7.1 HIGH]


Patches_fig2dev:
upstream_fig2dev: released (1:3.2.8-3)
trusty_fig2dev: ignored (out of standard support)
trusty/esm_fig2dev: DNE
xenial_fig2dev: ignored (out of standard support)
bionic_fig2dev: needs-triage
focal_fig2dev: needs-triage
groovy_fig2dev: ignored (reached end-of-life)
hirsute_fig2dev: ignored (reached end-of-life)
impish_fig2dev: not-affected (1:3.2.8-3)
jammy_fig2dev: not-affected (1:3.2.8-3)
devel_fig2dev: not-affected (1:3.2.8-3)

Patches_transfig:
upstream_transfig: needs-triage
trusty_transfig: ignored (out of standard support)
trusty/esm_transfig: DNE
xenial_transfig: ignored (out of standard support)
esm-infra/xenial_transfig: not-affected
bionic_transfig: DNE
focal_transfig: DNE
groovy_transfig: DNE
hirsute_transfig: DNE
impish_transfig: DNE
jammy_transfig: DNE
devel_transfig: DNE