CVE-2025-46397

Published: Apr 23, 2025Modified: Jan 19, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD (Secondary)

Description

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

Affected (5)

Products: Fig2dev Project: Fig2dev · Redhat: Enterprise Linux

Fig2dev Project

1 product

1 product

Enterprise Linux

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fig2dev Project Fig2dev	Version 3.2.9a
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (8)

https://access.redhat.com/errata/RHSA-2026:0700

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:0704

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:0705

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:0756

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-46397

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2362058

Source: secalert@redhat.com

Vendor Advisory

https://sourceforge.net/p/mcj/tickets/192/

Source: secalert@redhat.com

ExploitIssue Tracking

https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.