exploitDog

SUSE-SU-2025:01835-1

Published: 09 Jun 2025
Source: suse-cvrf

Description

Security update for transfig

This update for transfig fixes the following issues:

Update to fig2dev version 3.2.9a

  • CVE-2025-31162: Fixed a floating point exception in fig2dev in get_slope function (bsc#1240380).
  • CVE-2025-31163: Fixed a segmentation fault in fig2dev in put_patternarc function (bsc#1240381).
  • CVE-2025-31164: Fixed a heap buffer overflow in fig2dev in create_line_with_spline function (bsc#1240379).
  • CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260).
  • CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262).
  • CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263).
  • CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261).

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP6
transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6
transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6
transfig-3.2.9a-150600.3.5.1

Description

A floating point exception in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation in the get_slope function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

A segmentation fault in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation in the put_patternarc function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

A heap buffer overflow in fig2dev in version 3.2.9a allows an attacker to affect availability via local input manipulation in the create_line_with_spline function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

In the xfig diagramming tool, a stack overflow while running fig2dev allows memory corruption via local input manipulation in the bezier_spline function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

In the xfig diagramming tool, a stack overflow while running fig2dev allows memory corruption via local input manipulation in the read_objects function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

In the xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation in the genge_itp_spline function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References

Description

In the xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to affect availability via local input manipulation in the read_arcobject function.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1
openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1

References