CVE-2021-3561

Published: 26 May 2021

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Notes

Author	Note
leosilva	shipped fig2dev into transfig for xenial and trusty has not the code affected

Priority

Cvss 3 Severity Score

7.1

Score breakdown

Status

Package	Release	Status
fig2dev Launchpad, Ubuntu, Debian	focal	Released (1:3.2.7a-7ubuntu0.1)
	jammy	Not vulnerable (1:3.2.8-3)
	lunar	Not vulnerable (1:3.2.8-3)
	impish	Not vulnerable (1:3.2.8-3)
	kinetic	Not vulnerable (1:3.2.8-3)
	trusty	Does not exist
	xenial	Ignored (end of standard support)
	upstream	Released (1:3.2.8-3)
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	bionic	Released (1:3.2.6a-6ubuntu1.1)
transfig Launchpad, Ubuntu, Debian	jammy	Does not exist
	lunar	Does not exist
	xenial	Not vulnerable
	impish	Does not exist
	kinetic	Does not exist
	trusty	Does not exist
	bionic	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	upstream	Needs triage

Severity score breakdown

Parameter	Value
Base score	7.1
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›