20 matches found
CVE-2019-19746
CVE-2019-19746 affects Xfig’s fig2dev (notably the make_arrow path in arrow.c for version 3.2.7b). The vulnerability is described as a segmentation fault and an out-of-bounds write caused by an integer overflow when processing a large arrow type. Public advisories (SUSE/openSUSE) cite vulnerable ...
CVE-2021-3561
CVE-2021-3561 refers to an out-of-bounds flaw in fig2dev (version 3.2.8a). It arises from a flawed bounds check in read_objects(), which could allow crafted input to crash the application or, in some cases, cause memory corruption, impacting integrity and availability. The connected docum...
CVE-2018-16140
CVE-2018-16140: A buffer underwrite in get_line() (read.c) of fig2dev 3.2.7a allows writing before the start of the target buffer via a crafted .fig file. The vulnerability is triggered by parsing a FIG file and results in memory corruption (no remediation details provided in the supplied docume...
CVE-2020-21683
CVE-2020-21683 is associated with fig2dev 3.2.7b and involves a global buffer overflow in the function shade_or_tint_name_after_declare_color (genpstricks.c) that can cause a denial of service when converting a Fig file to pstricks format. Public disclosures across multiple vendors/advisories (e....
CVE-2020-21680
CVE-2020-21680 is a vulnerability in fig2dev (Xfig) where a stack-based buffer overflow in the put_arrow() function in genpict2e.c of fig2dev 3.2.7b allows an attacker to cause a denial of service when converting an xfig file to pict2e format. Affected software is fig2dev 3.2.7b (and related 3.2.x...
CVE-2020-21682
CVE-2020-21682 affects fig2dev 3.2.7b (genge.c: set_fill) with a global buffer overflow that enables a denial of service when converting a crafted Fig file to ge format. Several vendors/advisories (Red Hat transfig, Amazon ALAS family, openSUSE/OpenVAS) reference this CVE among a cluster of Fig2...
CVE-2020-21681
CVE-2020-21681 is a vulnerability in fig2dev (component set_color in genge.c) observed in version 3.2.7b where a global buffer overflow can cause a denial of service when converting an xfig file to ge format. Multiple advisories (openSUSE, Amazon Linux ALAS-2023-1807, Red Hat transfig references) ...
CVE-2025-46397
CVE-2025-46397 is a vulnerability in xfig/fig2dev where a stack overflow via local input manipulation in the bezier_spline function could lead to code execution. The issue is triggered by crafted input to the utility that processes FIG/PIC figures. Public advisories (AlmaLinux, Debian LTS, Astra)...
CVE-2025-46398
CVE-2025-46398 affects fig2dev (part of xfig/Transfig). The vulnerability is a stack overflow in read_objects() that allows memory corruption via local input manipulation, exploitable by a locally authenticated user under conditions described in several advisories. Public disclosures in Debian LT...
CVE-2025-46400
CVE-2025-46400 affects fig2dev (part of the transfig/xfig toolchain). A segmentation fault in read_arcobject can cause denial of service by local input manipulation, impacting availability. Documents consistently describe a segmentation fault via read_arcobject as the root cause, with multiple ad...
CVE-2020-21675
CVE-2020-21675 affects fig2dev 3.2.7b, caused by a stack-based buffer overflow in the genptk_text component (genptk.c), which can lead to denial of service when converting XFig to ptk. Affected product: fig2dev (Xfig suite). Root cause: stack overflow in genptk_text. Impact: DoS via crafted input...
CVE-2020-21684
CVE-2020-21684 affects fig2dev 3.2.7b: a global buffer overflow in put_font (genpict2e.c) can cause a denial of service by converting an xfig file to pict2e format. Connected sources confirm the vulnerability in fig2dev 3.2.7b and describe the exact affected component and impact. No remediation de...
CVE-2020-21676
CVE-2020-21676 is a stack-based buffer overflow in genpstrx_text() of fig2dev 3.2.7b, allowing denial of service when converting an xfig file to pstricks. Public advisories (Debian/Ubuntu) indicate fixes in later fig2dev releases (e.g., Debian 1:3.2.7a-5+deb10u5; Ubuntu USN-5864-1). Remediation: u...
CVE-2025-46399
CVE-2025-46399 affects fig2dev (part of transfig) with a segmentation fault in genge_itp_spline, enabling local input-based disruption and potential denial of service. Related advisories confirm multiple vendors acknowledge the issue; Debian LTS reports a fix in fig2dev 1:3.2.8-3+deb11u3. Other e...
CVE-2021-37530
CVE-2021-37530 affects fig2dev (up to 3.28a) with a denial-of-service due to a segfault in readpics.c open_stream. Multiple connected sources consistently describe a segfault in open_stream that can crash fig2dev when processing crafted input, causing a DoS. The core vulnerable component is the o...
CVE-2025-31163
CVE-2025-31163 corresponds to a segmentation fault in the xfig tool fig2dev, triggered by local input manipulation in put_patternarc for version 3.2.9a. The issue is publicly discussed across multiple advisories and has been addressed in various distributions: SUSE advisories (SUSE-SU-2025:01835-...
CVE-2021-37529
CVE-2021-37529 affects fig2dev up to version 3.28a. The vulnerability is a double-free in the free_stream function of readpics.c (due to freeing memory for long file names), which can lead to denial of service. Various sources (Red Hat, SUSE, OSV entries, and vendor advisories) report this issue ...
CVE-2025-31164
Fig2dev in version 3.2.9a is vulnerable to a heap-buffer overflow in create_line_with_spline (CVE-2025-31164). Attackers could exploit via locally manipulated input, as described in multiple advisories (e.g., SUSE, Debian, Mageia) that also reference related CVEs 31162/31163. Affected distributio...
CVE-2025-31162
CVE-2025-31162 affects fig2dev in Xfig, version 3.2.9a. The issue is a floating point exception in the get_slope function that can be triggered by crafted local input, leading to availability impact. Several connected advisories note fixes for this family of issues (CVE-2025-31162/31163/31164) by...
CVE-2020-21678
CVE-2020-21678 is a global buffer overflow in fig2dev 3.2.7b’s genmp_writefontmacro_latex (genmp.c) that can cause a denial of service when converting an xfig file to mp format. The connected documents (NVD/NIST, CNVD, ENISA EUVD, Red Hat/ALAS/Nessus etc.) consistently describe this vulnerability ...