CVE-2025-46399NULL Pointer Dereference in Project Fig2dev

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 65.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fig2dev Project Fig2devRedhat Enterprise Linux
Timeline
PublishedApr 23

Description

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianfig2dev_project/fig2dev< 1:3.2.8-3+deb11u3+3

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-h5h2-cvc7-hm6x: Segmentation fault in fig2dev in version 32025-04-23
OSV
CVE-2025-46399: Segmentation fault in fig2dev in version 32025-04-23
CVEList
Xfig: transfig: fig2dev segmentation fault vulnerability2025-04-23
OSV
CVE-2025-46399: A flaw was found in fig2dev2025-04-23

📋Vendor Advisories

2
Red Hat
xfig: transfig: Fig2dev Segmentation Fault Vulnerability2025-04-23
Debian
CVE-2025-46399: fig2dev - A flaw was found in fig2dev. This vulnerability allows availability via local in...2025
CVE-2025-46399 — NULL Pointer Dereference | cvebase