CVE-2020-21676: 
NixOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was discovered in fig2dev version 3.2.7b, identified as CVE-2020-21676. The vulnerability exists in the genpstrx_text() component within the genpstricks.c file, which can be triggered when converting a xfig file into pstricks format (NVD, Debian Tracker).

The vulnerability is a stack-based buffer overflow that occurs in the genpstrx_text() function at line 2732 of genpstricks.c. The issue manifests when processing text angles during the conversion of xfig files to pstricks format. The CVSS v3.1 base score is 5.5 (Medium) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD, SourceForge Ticket).

When exploited, this vulnerability can lead to a denial of service (DoS) condition through the manipulation of xfig files during conversion to pstricks format. The impact is primarily on the availability of the system, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in multiple distributions. Debian 9 (Stretch) was patched in version 1:3.2.6a-2+deb9u4, and Debian 10 (Buster) was fixed in version 1:3.2.7a-5+deb10u5. The fix implements angle validation checks to prevent buffer overflow conditions by rejecting angles beyond the range of -7 to 7 (Debian LTS Announce, Debian LTS Announce).