Untriaged
Permalink
CVE-2025-46398
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
fig2dev stack-overflow via read_objects
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
References
- https://sourceforge.net/p/mcj/tickets/191/
- https://sourceforge.net/p/mcj/tickets/191/
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- https://sourceforge.net/p/mcj/tickets/191/
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46398 x_refsource_REDHAT vdb-entry
- RHBZ#2362055 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/191/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
Affected products
xfig
- =<3.2.9a
fig2dev
- ==3.2.9a
transfig
Package maintainers
-
@LeSuisse Thomas Gerbet <thomas@gerbet.me>