VYPR
Unrated severity · NVD Advisory · Published Sep 16, 2021 · Updated Aug 4, 2024

CVE-2020-21530


Description

fig2dev 3.2.7b contains a segmentation fault in read_objects() in read.c, allowing denial of service via crafted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

In fig2dev version 3.2.7b (and also git commit 3065ab), the read_objects function in read.c at line 459 can be triggered to cause a segmentation fault. The bug is reachable when parsing a specially crafted FIG file, leading to a crash.

Exploitation

An attacker can craft a malicious FIG file and trick a user into processing it with fig2dev (e.g., fig2dev -L png crafted.fig). No special privileges are needed; the user must run fig2dev on the file. The crash occurs during the read_objects call, as demonstrated by the reported AddressSanitizer output [1].

Impact

Successful exploitation results in a segmentation fault, causing fig2dev to crash. This constitutes a denial of service (DoS) as the application terminates abnormally. No evidence of arbitrary code execution or information disclosure is provided in the references.

Mitigation

No patch or fix has been publicly disclosed as of the reference date. Users should handle untrusted FIG files with caution and consider using alternative tools or restricting file sources until a fix is released.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

25

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing bounds checking on object data in read_objects() allows an out-of-bounds read access."

Attack vector

An attacker provides a crafted FIG file that triggers a segmentation fault in the read_objects() function at read.c:459 [1]. The vulnerability is reachable when fig2dev processes the malicious file via the command line, as shown by the ASAN trace from main through read_fig and readfp_fig into read_objects [1]. No authentication or special privileges are required beyond the ability to supply a FIG file to the utility.

Affected code

The crash occurs in read_objects() in fig2dev/read.c at line 459 [1]. The call chain is main (fig2dev.c:422) → read_fig (read.c:142) → readfp_fig (read.c:172) → read_objects (read.c:459) [1].

What the fix does

No patch is included in the bundle. The advisory [1] reports the crash but does not provide a fix or remediation guidance. The vendor ticket remains open, and the issue was confirmed reproducible in git commit 3065ab as well as version 3.2.7b [1].

Preconditions

  • Input: Attacker must supply a crafted FIG file to fig2dev.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
