CVE-2025-46398

Опубликовано: 23 апр. 2025

Источник: debian

Описание

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

Пакет	Статус	Версия исправления	Релиз	Тип
fig2dev	fixed	1:3.2.9a-4		package

https://sourceforge.net/p/mcj/tickets/191/
Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
Crash in CLI tool, no security impact

CVE-2025-46398

CVSS3: 4.7

ubuntu

4 месяца назад

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVE-2025-46398

CVSS3: 4.7

redhat

4 месяца назад

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVE-2025-46398

CVSS3: 4.7

nvd

4 месяца назад

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

GHSA-vv86-jpff-556f

CVSS3: 7.1

github

4 месяца назад

Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.

SUSE-SU-2025:01890-1

suse-cvrf

2 месяца назад

Security update for transfig