Fig2Dev Project Fig2Dev vulnerabilities

CVE-2025-46397 [HIGH] CWE-120 CVE-2025-46397: A flaw was found in xfig. This vulnerability allows possible code execution via local input manipula A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

CVE-2025-46398 [MEDIUM] CWE-121 CVE-2025-46398: In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVE-2025-46399 [MEDIUM] CWE-476 CVE-2025-46399: A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.

CVE-2025-46400 [MEDIUM] CWE-476 CVE-2025-46400: In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availabil In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVE-2025-31164 [MEDIUM] CWE-122 CVE-2025-31164: heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.

CVE-2025-31163 [MEDIUM] CWE-476 CVE-2025-31163: Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input m Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.

CVE-2025-31162 [MEDIUM] CWE-369 CVE-2025-31162: Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local i Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.

CVE-2021-37530 [MEDIUM] CWE-787 CVE-2021-37530: A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_strea A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

CVE-2021-37529 [MEDIUM] CWE-415 CVE-2021-37529: A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream func A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

CVE-2021-32280 [MEDIUM] CVE-2021-32280: An issue was discovered in fig2dev before 3 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

CVE-2020-21530 [MEDIUM] CVE-2020-21530: fig2dev 3 fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

CVE-2020-21529 [MEDIUM] CVE-2020-21529: fig2dev 3 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

CVE-2020-21533 [MEDIUM] CVE-2020-21533: fig2dev 3 fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

CVE-2020-21534 [MEDIUM] CVE-2020-21534: fig2dev 3 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.

CVE-2020-21531 [MEDIUM] CVE-2020-21531: fig2dev 3 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

CVE-2020-21532 [MEDIUM] CVE-2020-21532: fig2dev 3 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

CVE-2020-21535 [MEDIUM] CVE-2020-21535: fig2dev 3 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.

CVE-2020-21680 [MEDIUM] CWE-787 CVE-2020-21680: A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows a A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

CVE-2020-21678 [MEDIUM] CWE-120 CVE-2020-21678: A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b al A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.

CVE-2020-21681 [MEDIUM] CWE-120 CVE-2020-21681: A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.