7.8

CVE-2025-46397

Exploit

Xfig: xfig: stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fig2dev ProjectFig2dev Version3.2.9a
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.161
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://sourceforge.net/p/mcj/tickets/192/
Exploit
Issue Tracking
https://access.redhat.com/security/cve/CVE-2025-46397
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2362058
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
https://access.redhat.com/errata/RHSA-2026:0700
https://access.redhat.com/errata/RHSA-2026:0705
https://access.redhat.com/errata/RHSA-2026:0704
https://access.redhat.com/errata/RHSA-2026:0756