Synopsis:
transfig security update
Summary:
An update for transfig is now available for openEuler-22.03-LTS-SP3.
Description:
The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript(TM)). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments).
Security Fix(es):
In the xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. (CVE-2025-46397)
In the xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via the read_objects function. (CVE-2025-46398)
In the xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at the genge_itp_spline function. (CVE-2025-46399)
In the xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to impact availability via local input manipulation via the read_arcobject function. (CVE-2025-46400)
Topic:
An update for transfig is now available for openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
Medium
Affected Component:
transfig
3.2.8b-4.oe2203sp3
Exploitability:
AV:L AC:H PR:N UI:R
Scope:
S:U
Impact:
C:N I:H A:N
4.7/CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N