CVE-2025-46400 — NULL Pointer Dereference in Project Fig2dev

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 65.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fig2dev Project Fig2dev Redhat Enterprise Linux

Timeline

PublishedApr 23

Description

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianfig2dev_project/fig2dev< 1:3.2.8-3+deb11u3+3

▶NVDfig2dev_project/fig2dev3.2.9a

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-45rh-35p3-x338: Segmentation fault in fig2dev in version 3↗2025-04-23

▶

OSV

CVE-2025-46400: In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobjec↗2025-04-23

▶

CVEList

Xfig: fig2dev segmentation fault in read_arcobject↗2025-04-23

▶

OSV

CVE-2025-46400: Segmentation fault in fig2dev in version 3↗2025-04-23

▶

📋Vendor Advisories

Red Hat

xfig: fig2dev segmentation fault in read_arcobject↗2025-04-23

▶

Debian

CVE-2025-46400: fig2dev - In xfig diagramming tool, a segmentation fault while running fig2dev allows an a...↗2025

▶