CVE-2021-3561

HIGH (7.1, CVSS 3.1)
Published May 26, 2021 · Modified Jun 17, 2026

Description

An out-of-bounds flaw was found in fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to supply crafted malicious input that causes the application to crash or, in some cases, corrupt memory. The highest threat from this vulnerability is to integrity as well as system availability.

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 4

Vendor           Product        Version   Range
fig2dev_project  fig2dev        3.2.8     any
fedoraproject    fedora         33        any
fedoraproject    fedora         34        any
debian           debian_linux   9.0       any

References 6

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1955675
    Issue Tracking, Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/
    Mailing List, Third Party Advisory
  • sourceforge.net https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
    Patch, Third Party Advisory
  • sourceforge.net https://sourceforge.net/p/mcj/tickets/116/
    Exploit, Third Party Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1955675
    Issue Tracking, Patch, Third Party Advisory
  • sourceforge.net https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
    Patch, Third Party Advisory