VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 16, 2021· Updated Aug 4, 2024

CVE-2020-21535

CVE-2020-21535

Description

An out-of-bounds read in fig2dev 3.2.7b's gencgm_start function causes a segmentation fault, potentially enabling denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in fig2dev 3.2.7b's gencgm_start function causes a segmentation fault, potentially enabling denial of service.

Vulnerability

In fig2dev version 3.2.7b, the gencgm_start() function in gencgm.c at line 233 performs an out-of-bounds read (CWE-125) [1]. This flaw leads to a segmentation fault when processing a specially crafted FIG file. The vulnerability is also reproducible in the git commit 3065ab of the same version [2].

Exploitation

An attacker can trigger the vulnerability by supplying a malicious .fig file to the fig2dev utility. No authentication or special privileges are required beyond the ability to run the tool on the crafted input. The crash is immediate upon processing the malformed file, as observed in the ASAN output showing a SEGV signal due to a read access at an invalid address [2].

Impact

Successful exploitation results in a denial of service (DoS) due to application crash. The out-of-bounds read can cause termination of the fig2dev process, potentially disrupting automated workflows that rely on this tool. While only a segmentation fault is reported, the underlying out-of-bounds read could, in theory, be leveraged for more severe outcomes under specific conditions, though no such exploit is demonstrated in the references.

Mitigation

No official patch or fixed version has been released as of the publication date (2021-09-16). Users are advised to avoid processing untrusted .fig files with the affected fig2dev 3.2.7b binary. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Until a fix is available, limiting exposure by not using the tool on files from untrusted sources is the recommended workaround.

References
  1. CWE - CWE-125: Out-of-bounds Read (4.20)
  2. Xfig / Tickets / #62 Segmentation Fault in gencgm_start() function

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

24

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Null or invalid pointer dereference in the gencgm_start function at gencgm.c:233 leads to a segmentation fault."

Attack vector

An attacker provides a crafted FIG file that, when processed by fig2dev with the CGM output device, triggers a read from an invalid memory address in the gencgm_start function at gencgm.c:233 [ref_id=1]. The crash occurs during object processing in gendev_objects (fig2dev.c:995) called from main (fig2dev.c:480) [ref_id=1]. No authentication or special privileges are required — the attacker only needs to supply the malicious FIG file to the fig2dev utility.

Affected code

The vulnerability is in the gencgm_start function in fig2dev-3.2.7b/fig2dev/dev/gencgm.c at line 233 [ref_id=1]. The crash occurs during object processing via gendev_objects in fig2dev.c:995, called from main at fig2dev.c:480 [ref_id=1].

What the fix does

No patch is included in the bundle. The advisory [ref_id=1] reports the segmentation fault in gencgm_start at gencgm.c:233 and confirms it is reproducible in git commit 3065ab, but does not provide a fix or remediation guidance. A fix would need to add a null-pointer or bounds check before the memory access at line 233 of gencgm.c.

Preconditions

  • inputAttacker must supply a crafted FIG file to the fig2dev utility.
  • configThe fig2dev utility must be invoked with the CGM output device (or a configuration that triggers gencgm_start).

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.