5.5

CVE-2025-46399

Exploit

Xfig: transfig: fig2dev segmentation fault vulnerability

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fig2dev ProjectFig2dev Version3.2.9a
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://sourceforge.net/p/mcj/tickets/190/
Exploit
Issue Tracking
https://access.redhat.com/security/cve/CVE-2025-46399
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2362053
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html