CVE-2025-31164
published 2025-03-28CVE-2025-31164: heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
medium6.6CVSS 3.1
AVLACLPRLUINSUCLILAH
heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | fig2dev | < fig2dev 1:3.2.8b-3+deb12u1 (bookworm) | fig2dev 1:3.2.8b-3+deb12u1 (bookworm) |
| fig2dev_project | fig2dev | — | — |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.8-3+deb11u2 | 1:3.2.8-3+deb11u2 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.8b-3+deb12u1 | 1:3.2.8b-3+deb12u1 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.9a-2 | 1:3.2.9a-2 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.9a-2 | 1:3.2.9a-2 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.6a-6ubuntu1.1+esm1 | 1:3.2.6a-6ubuntu1.1+esm1 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.7a-7ubuntu0.1+esm1 | 1:3.2.7a-7ubuntu0.1+esm1 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.8b-1ubuntu0.1~esm1 | 1:3.2.8b-1ubuntu0.1~esm1 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.9-3ubuntu0.1~esm1 | 1:3.2.9-3ubuntu0.1~esm1 |
| xfig | fig2dev | — | — |
CVSS provenance
nvdv3.16.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
osv6.6MEDIUM