CVE-2025-31164Heap-based Buffer Overflow in Fig2dev

CWE-122Heap-based Buffer Overflow6 documents6 sources
Severity
6.6MEDIUMNVD
EPSS
0.1%
top 70.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fig2dev Project Fig2devXfig Fig2dev
Timeline
PublishedMar 28
Latest updateJun 23

Description

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 1.8 | Impact: 4.7

Affected Packages3 packages

Debianfig2dev_project/fig2dev< 1:3.2.8-3+deb11u2+3
CVEListV5xfig/fig2dev3.2.9a

🔴Vulnerability Details

3
OSV
CVE-2025-31164: heap-buffer overflow in fig2dev in version 32025-03-28
CVEList
fig2dev heap-buffer overflow2025-03-28
GHSA
GHSA-p47h-x29h-rvvm: heap-buffer overflow in fig2dev in version 32025-03-28

📋Vendor Advisories

2
Ubuntu
Fig2dev vulnerabilities2025-06-23
Debian
CVE-2025-31164: fig2dev - heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availabi...2025
CVE-2025-31164 — Heap-based Buffer Overflow in Fig2dev | cvebase