CVE-2025-46398 — Stack-based Buffer Overflow in Project Fig2dev

CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 62.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fig2dev Project Fig2dev Redhat Enterprise Linux

Timeline

PublishedApr 23

Description

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianfig2dev_project/fig2dev< 1:3.2.8-3+deb11u3+3

▶NVDfig2dev_project/fig2dev3.2.9a

Also affects: Enterprise Linux 6.0, 7.0, 8.0

🔴Vulnerability Details

OSV

CVE-2025-46398: Stack-overflow in fig2dev in version 3↗2025-04-23

▶

OSV

CVE-2025-46398: In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function↗2025-04-23

▶

CVEList

Xfig: fig2dev stack-overflow via read_objects↗2025-04-23

▶

GHSA

GHSA-vv86-jpff-556f: Stack-overflow in fig2dev in version 3↗2025-04-23

▶

📋Vendor Advisories

Red Hat

xfig: fig2dev stack-overflow via read_objects↗2025-04-23

▶

Debian

CVE-2025-46398: fig2dev - In xfig diagramming tool, a stack-overflow while running fig2dev allows memory c...↗2025

▶