CVE-2021-3561 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Fig2dev

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

7.1HIGHNVD

EPSS

0.4%

top 36.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fig2dev Project Fig2dev Debian Linux Fedoraproject Fedora

Timeline

PublishedMay 26

Latest updateFeb 13

Description

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶Debianfig2dev_project/fig2dev< 1:3.2.8-3+3

▶CVEListV5fig2dev_project/fig2devfig2dev 3.2.8a

▶NVDfig2dev_project/fig2dev3.2.8

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Patch: bugzilla.redhat.com ↗Patch: sourceforge.net ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

fig2dev vulnerabilities↗2023-02-13

▶

GHSA

GHSA-w359-m9m3-v2w3: An Out of Bounds flaw was found fig2dev version 3↗2022-05-24

▶

OSV

CVE-2021-3561: An Out of Bounds flaw was found fig2dev version 3↗2021-05-26

▶

CVEList

CVE-2021-3561: An Out of Bounds flaw was found fig2dev version 3↗2021-05-26

▶

📋Vendor Advisories

Ubuntu

Fig2dev vulnerabilities↗2023-02-13

▶

Red Hat

fig2dev: Global buffer overflow in fig2dev/read.c in function read_objects↗2021-04-26

▶

Debian

CVE-2021-3561: fig2dev - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in...↗2021

▶