Vulnerability Description
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xfig Project | Fig2Dev | < 3.2.8 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2021/10/msg00002.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00044.htmlMailing ListThird Party Advisory
- https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec99Patch
- https://sourceforge.net/p/mcj/tickets/107/ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2021/10/msg00002.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00044.htmlMailing ListThird Party Advisory
- https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec99Patch
- https://sourceforge.net/p/mcj/tickets/107/ExploitIssue TrackingPatch
FAQ
What is CVE-2021-32280?
CVE-2021-32280 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service....
How severe is CVE-2021-32280?
CVE-2021-32280 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32280?
Check the references section above for vendor advisories and patch information. Affected products include: Xfig Project Fig2Dev, Debian Debian Linux.