Synopsis:
transfig security update
Summary:
An update for transfig is now available for openEuler-24.03-LTS
Description:
The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript(TM)). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments).
Security Fix(es):
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. (CVE-2025-46397)
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. (CVE-2025-46398)
In xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at genge_itp_spline function. (CVE-2025-46399)
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to affect availability via local input manipulation via read_arcobject function. (CVE-2025-46400)
Topic:
An update for transfig is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
transfig
3.2.9-3.oe2403
Exploitability
AV:L AC:L PR:L UI:N
Scope
S:U
Impact
C:H I:H A:N
7.1/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N