Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46397 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-21 | N/A | 4.7 MEDIUM |
| In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. | |||||
| CVE-2025-31162 | 1 Fig2dev Project | 1 Fig2dev | 2025-10-21 | N/A | 6.6 MEDIUM |
| Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. | |||||
| CVE-2025-31163 | 1 Fig2dev Project | 1 Fig2dev | 2025-10-21 | N/A | 6.6 MEDIUM |
| Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. | |||||
| CVE-2025-31164 | 1 Fig2dev Project | 1 Fig2dev | 2025-10-21 | N/A | 6.6 MEDIUM |
| heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | |||||
| CVE-2025-46400 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-17 | N/A | 4.7 MEDIUM |
| In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. | |||||
| CVE-2025-46398 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-16 | N/A | 4.7 MEDIUM |
| In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. | |||||
| CVE-2025-46399 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-10-16 | N/A | 4.7 MEDIUM |
| A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | |||||
| CVE-2021-3561 | 3 Debian, Fedoraproject, Fig2dev Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | |||||
| CVE-2021-37530 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. | |||||
| CVE-2021-37529 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). | |||||
| CVE-2020-21684 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |||||
| CVE-2020-21683 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |||||
| CVE-2020-21682 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |||||
| CVE-2020-21681 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |||||
| CVE-2020-21680 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |||||
| CVE-2020-21678 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | |||||
| CVE-2020-21676 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |||||
| CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
| CVE-2019-19746 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | |||||
| CVE-2018-16140 | 2 Canonical, Fig2dev Project | 2 Ubuntu Linux, Fig2dev | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | |||||