Untriaged
Permalink
CVE-2025-46397
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
fig2dev stack-overflow
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.
References
- https://sourceforge.net/p/mcj/tickets/192/
- https://sourceforge.net/p/mcj/tickets/192/
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- RHSA-2026:0700 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0704 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0705 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
- RHSA-2026:0700 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0704 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0705 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0756 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-46397 x_refsource_REDHAT vdb-entry
- RHBZ#2362058 issue-tracking x_refsource_REDHAT
- https://sourceforge.net/p/mcj/tickets/192/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
Affected products
xfig
- =<3.2.9a
fig2dev
- ==3.2.9a
transfig
- *
Package maintainers
-
@LeSuisse Thomas Gerbet <thomas@gerbet.me>