Detections
Analytics

SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14823-1)

high Nessus Plugin ID 153915

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14823-1 advisory.

 - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
 - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293).
 - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
 - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
 - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650).
 - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).
 - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345).
 - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346).
 - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).

 - Do hardening via compile and linker flags
 - Fixed last added upstream commit (boo#1136882)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected transfig package.

See Also

https://bugzilla.suse.com/1136882

https://bugzilla.suse.com/1143650

https://bugzilla.suse.com/1159130

https://bugzilla.suse.com/1159293

https://bugzilla.suse.com/1161698

https://bugzilla.suse.com/1186329

https://bugzilla.suse.com/1189325

https://bugzilla.suse.com/1189343

https://bugzilla.suse.com/1189345

https://bugzilla.suse.com/1189346

https://www.suse.com/security/cve/CVE-2019-14275

https://www.suse.com/security/cve/CVE-2019-19555

https://www.suse.com/security/cve/CVE-2019-19746

https://www.suse.com/security/cve/CVE-2019-19797

https://www.suse.com/security/cve/CVE-2020-21680

https://www.suse.com/security/cve/CVE-2020-21681

https://www.suse.com/security/cve/CVE-2020-21682

https://www.suse.com/security/cve/CVE-2020-21683

https://www.suse.com/security/cve/CVE-2021-3561

http://www.nessus.org/u?63df51a4

Plugin Details

Severity: High

ID: 153915

File Name: suse_SU-2021-14823-1.nasl

Version: 1.5

Type: Local

Agent: unix

Published: 10/7/2021

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2021-3561

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:transfig

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/6/2021

Vulnerability Publication Date: 7/26/2019

Reference Information

CVE: CVE-2019-14275, CVE-2019-19555, CVE-2019-19746, CVE-2019-19797, CVE-2020-21680, CVE-2020-21681, CVE-2020-21682, CVE-2020-21683, CVE-2021-3561

SuSE: SUSE-SU-2021:14823-1