CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-46397: Xfig: fig2dev stack-overflow
Description
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function.
Classification
CVE ID: CVE-2025-46397
Problem Types
Stack-based Buffer OverflowAffected Products
Vendor:
Product:
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.57% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46397https://access.redhat.com/security/cve/CVE-2025-46397
https://bugzilla.redhat.com/show_bug.cgi?id=2362058
https://sourceforge.net/p/mcj/tickets/192/