Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:HPE Helion OpenStack 8 package transfig, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2021-3561 — CVSS 7.1 (high): An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a…
CVE-2019-19746 — CVSS 5.5 (medium): make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large…
CVE-2020-21680 — CVSS 5.5 (medium): A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service…
CVE-2020-21681 — CVSS 5.5 (medium): A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via…
CVE-2020-21682 — CVSS 5.5 (medium): A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via…
CVE-2020-21683 — CVSS 5.5 (medium): A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a…
CVE-2021-32280 — CVSS 5.5 (medium): An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in…