[SECURITY] [DLA 4147-1] fig2dev security update

Debian LTS Advisory DLA-4147-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 30, 2025 https://wiki.debian.org/LTS Package : fig2dev Version : 1:3.2.8-3+deb11u3 CVE ID : CVE-2025-46397 CVE-2025-46398 CVE-2025-46399 CVE-2025-46400 Multiple vulnerabilities wer...

DLA-4147-1 fig2dev - security update

Bulletin has no description...

Debian dla-4147 : fig2dev - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4147 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4147-1 [email protected]...

DEBIAN-CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via gengeitpspline function...

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via gengeitpspline function...

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via gengeitpspline function...

CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

DEBIAN-CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

DEBIAN-CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

CVE-2025-46397

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

CVE-2025-46397

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

UBUNTU-CVE-2025-46398

Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via readobjects function...

UBUNTU-CVE-2025-46400

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via readarcobject function...

UBUNTU-CVE-2025-46399

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via gengeitpspline function...

UBUNTU-CVE-2025-46397

Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezierspline function...

CVE-2025-46400

CVE-2025-46400 affects fig2dev (part of the transfig/xfig toolchain). A segmentation fault in read_arcobject can cause denial of service by local input manipulation, impacting availability. Documents consistently describe a segmentation fault via read_arcobject as the root cause, with multiple ad...

CVE-2025-46400 Xfig: fig2dev segmentation fault in read_arcobject

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...