7 matches found
CVE-2025-46397
CVE-2025-46397 is a vulnerability in xfig/fig2dev where a stack overflow via local input manipulation in the bezier_spline function could lead to code execution. The issue is triggered by crafted input to the utility that processes FIG/PIC figures. Public advisories (AlmaLinux, Debian LTS, Astra)...
CVE-2025-46398
CVE-2025-46398 affects fig2dev (part of xfig/Transfig). The vulnerability is a stack overflow in read_objects() that allows memory corruption via local input manipulation, exploitable by a locally authenticated user under conditions described in several advisories. Public disclosures in Debian LT...
CVE-2025-46400
CVE-2025-46400 affects fig2dev (part of the transfig/xfig toolchain). A segmentation fault in read_arcobject can cause denial of service by local input manipulation, impacting availability. Documents consistently describe a segmentation fault via read_arcobject as the root cause, with multiple ad...
CVE-2025-46399
CVE-2025-46399 affects fig2dev (part of transfig): a segmentation fault in genge_itp_spline can be triggered by local input manipulation, causing disruption and potential denial of service. Related advisories confirm that multiple vendors acknowledge the issue; Debian LTS reports a fix in fig2dev 1:3.2.8-3+deb11u3. Other e...
CVE-2025-31163
CVE-2025-31163 corresponds to a segmentation fault in the xfig tool fig2dev, triggered by local input manipulation in put_patternarc for version 3.2.9a. The issue is publicly discussed across multiple advisories and has been addressed in various distributions: SUSE advisories (SUSE-SU-2025:01835-...
CVE-2025-31164
fig2dev version 3.2.9a is vulnerable to a heap-buffer overflow in create_line_with_spline (CVE-2025-31164). Attackers could exploit it via locally manipulated input, as described in multiple advisories (e.g., SUSE, Debian, Mageia) that also reference the related CVE-2025-31162/31163. Affected distributio...
CVE-2025-31162
CVE-2025-31162 affects fig2dev in Xfig, version 3.2.9a. The issue is a floating point exception in the get_slope function that can be triggered by crafted local input, leading to availability impact. Several connected advisories note fixes for this family of issues (CVE-2025-31162/31163/31164) by...