
Debian 11 bullseye DLA-4147-1 moderate: fig2dev code execution and DoS

Debian LTS
April 30, 2025
Debian LTS advisory DLA-4147-1 highlights critical vulnerabilities in fig2dev, allowing unauthorized code execution and potential service disruptions, jeopardizing system integrity
Multiple vulnerabilities were found in fig2dev, a utility for converting XFig figure files, which could lead to code execution or denial of service upon specially crafted input fil...

Summary

CVE-2025-46397

A stack overflow in the bezier_spline() function could allow code
execution via local input manipulation.

CVE-2025-46398

A stack overflow in the read_objects() function could allow code
execution via local input manipulation.

CVE-2025-46399

A segmentation fault in the genge_itp_spline() function could lead to
denial of service via local input manipulation.

CVE-2025-46400

A segmentation fault in the read_arcobject() function could lead to
denial of service via local input manipulation.

For Debian 11 bullseye, these problems have been fixed in version
1:3.2.8-3+deb11u3.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/fig2dev

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be

Package: fig2dev
Version: 1:3.2.8-3+deb11u3
CVE ID: CVE-2025-46397 CVE-2025-46398 CVE-2025-46399 CVE-2025-46400
