CVE-2025-46397 Xfig: xfig: stack-overflow allows possible code execution via local input manipulation

🗓️ 23 Apr 2025 20:55:09Reported by redhatType

Stack-overflow in fig2dev version 3.2.9a enables code execution via bezier_spline input manipulation.

Reporter	Title	Published	Views	Family All 92
ATTACKERKB	CVE-2025-46397	23 Apr 202521:15	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0017: transfig (ALINUX3-SA-2026:0017)	26 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : transfig (ALSA-2026:0700)	19 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : transfig (ALSA-2026:0756)	19 Jan 202600:00	–	nessus
Tenable Nessus	Debian dla-4147 : fig2dev - security update	30 Apr 202500:00	–	nessus
Tenable Nessus	Fedora 41 : transfig (2025-465f43da19)	23 Jul 202500:00	–	nessus
Tenable Nessus	Fedora 42 : transfig (2025-ea5c403b3e)	23 Jul 202500:00	–	nessus
Tenable Nessus	MiracleLinux 9 : transfig-3.2.7b-11.el9_7 (AXSA:2026-046:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : transfig-3.2.6a-5.el8_10 (AXSA:2026-048:02)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 9 : transfig (ELSA-2026-0700)	16 Jan 202600:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.2.9a"
      }
    ],
    "packageName": "xfig",
    "collectionURL": "https://sourceforge.net/projects/mcj/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:3.2.6a-5.el8_10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:3.2.7b-11.el9_7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:3.2.7b-10.el9_4.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.4::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:3.2.7b-10.el9_6.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.6::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "transfig",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2026:0704
access	www.access.redhat.com/errata/RHSA-2026:0700
access	www.access.redhat.com/errata/RHSA-2026:0705
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:0756
sourceforge	www.sourceforge.net/p/mcj/tickets/192/
access	www.access.redhat.com/security/cve/CVE-2025-46397

19 Jan 2026 03:55Current

CVSS 3.17.8

EPSS0.0007

CWE-120