Skip to main content

Fig2Dev CVE-2021-32280

MEDIUM
NULL Pointer Dereference (CWE-476)
2021-09-20 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2021 - 16:15 nvd
MEDIUM 5.5

DescriptionNVD

An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

AnalysisAI

An issue was discovered in fig2dev before 3.2.8.. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. Affected products include: Xfig Project Fig2Dev, Debian Debian Linux. Version information: before 3.2.8...

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2025-46397 HIGH POC
7.8 Apr 23

A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit co

CVE-2021-3561 HIGH POC
7.1 May 26

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authent

CVE-2025-31163 MEDIUM POC
6.6 Mar 28

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_

CVE-2025-31162 MEDIUM POC
6.6 Mar 28

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation vi

CVE-2025-31164 MEDIUM POC
6.6 Mar 28

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via cr

CVE-2025-46398 MEDIUM POC
5.5 Apr 23

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation v

CVE-2025-46400 MEDIUM POC
5.5 Apr 23

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input

CVE-2025-46399 MEDIUM POC
5.5 Apr 23

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public explo

CVE-2019-19797 MEDIUM POC
5.5 Dec 15

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. Rated medium severity (CVSS 5.5), this vulner

CVE-2019-19746 MEDIUM POC
5.5 Dec 12

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer o

CVE-2019-14275 MEDIUM POC
5.5 Jul 26

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS

CVE-2018-16140 HIGH
7.8 Aug 30

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the begi

Share

CVE-2021-32280 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy