CVE-2025-46400

Опубликовано: 23 апр. 2025

Источник: debian

EPSS Низкий

Описание

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
fig2dev	fixed	1:3.2.9a-3		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=2362054
https://sourceforge.net/p/mcj/tickets/187/
Error covered with: https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
Crash in CLI tool, no security impact

EPSS

Процентиль: 2%

0.00016

Низкий

Связанные уязвимости

CVE-2025-46400

CVSS3: 4.7

ubuntu

около 2 месяцев назад

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVE-2025-46400

CVSS3: 4.7

redhat

около 2 месяцев назад

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVE-2025-46400

CVSS3: 4.7

nvd

около 2 месяцев назад

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

GHSA-45rh-35p3-x338

CVSS3: 7.1

github

около 2 месяцев назад

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.

SUSE-SU-2025:01890-1

suse-cvrf

9 дней назад

Security update for transfig

EPSS

Процентиль: 2%

0.00016

Низкий