Description
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
Problem types
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Product status
Any version
1:3.2.6a-5.el8_10 (rpm) before *
1:3.2.7b-11.el9_7 (rpm) before *
1:3.2.7b-10.el9_4.1 (rpm) before *
1:3.2.7b-10.el9_6.1 (rpm) before *
Timeline
| 2025-04-24: | Reported to Red Hat. |
| 2025-04-23: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/04/msg00043.html
access.redhat.com/errata/RHSA-2026:0700 (RHSA-2026:0700)
access.redhat.com/errata/RHSA-2026:0704 (RHSA-2026:0704)
access.redhat.com/errata/RHSA-2026:0705 (RHSA-2026:0705)
access.redhat.com/errata/RHSA-2026:0756 (RHSA-2026:0756)
access.redhat.com/security/cve/CVE-2025-46397
bugzilla.redhat.com/show_bug.cgi?id=2362058 (RHBZ#2362058)
sourceforge.net/p/mcj/tickets/192/