5.5

CVE-2025-46400

Exploit

Xfig: fig2dev segmentation fault in read_arcobject

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fig2dev ProjectFig2dev Version3.2.9a
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://sourceforge.net/p/mcj/tickets/187/
Exploit
Issue Tracking
https://access.redhat.com/security/cve/CVE-2025-46400
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2362054
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html