- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3304-1                [email protected]
https://www.debian.org/lts/security/                          Adrian Bunk
January 31, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : fig2dev
Version        : 1:3.2.7a-5+deb10u5
CVE ID         : CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676
                 CVE-2021-32280
Debian Bug     : 960736

Brief introduction

CVE-2020-21529

    Stack buffer overflow in bezier_spline().

CVE-2020-21531

    Global buffer overflow in conv_pattern_index().

CVE-2020-21532

    Global buffer overflow in setfigfont().

CVE-2020-21676

    Stack-based buffer overflow in genpstrx_text().

CVE-2021-32280

    NULL pointer dereference in compute_closed_spline().

For Debian 10 buster, these problems have been fixed in version
1:3.2.7a-5+deb10u5.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fig2dev

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
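
A fleet-side check against the fixed version given in the advisory above, as an added example (not part of the advisory or of Debian's tooling): it reimplements the Debian version ordering that `dpkg --compare-versions` applies, so an exported package inventory can be checked offline. Host names and installed versions are constructed sample data, and the function names are hypothetical.

```python
DIGITS = "0123456789"
FIXED = "1:3.2.7a-5+deb10u5"  # fixed fig2dev version for buster, from the advisory

def _weight(s, k):
    """Sort weight of the non-digit character at s[k]; end of string or a digit is 0."""
    if k >= len(s) or s[k] in DIGITS:
        return 0
    if s[k] == "~":
        return -1  # tilde sorts before everything, even the end of the string
    return ord(s[k]) if s[k].isalpha() else ord(s[k]) + 256  # letters before punctuation

def _num_end(s, k):
    while k < len(s) and s[k] in DIGITS:
        k += 1
    return k

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            wa, wb = _weight(a, i), _weight(b, j)
            if wa != wb:
                return -1 if wa < wb else 1
            i, j = i + 1, j + 1
        # Digit run, compared numerically (an empty run counts as 0).
        ea, eb = _num_end(a, i), _num_end(b, j)
        na, nb = int(a[i:ea] or 0), int(b[j:eb] or 0)
        if na != nb:
            return -1 if na < nb else 1
        i, j = ea, eb
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "0")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched_hosts(inventory, fixed=FIXED):
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed sample inventory: host -> installed fig2dev version.
# "lab-01" has no epoch, so it sorts below any "1:" version despite the higher upstream.
SAMPLE = {"build-01": "1:3.2.7a-5", "build-02": "1:3.2.7a-5+deb10u4",
          "docs-01": "1:3.2.7a-5+deb10u5", "docs-02": "1:3.2.8-3", "lab-01": "3.2.9-1"}

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A host flagged only because its version lacks the epoch (as "lab-01" here) is running a package that did not come from the Debian archive and needs to be assessed separately.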