VYPR
Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Nov 3, 2025

fig2dev floating-point exception

CVE-2025-31162

Description

fig2dev 3.2.9a suffers a floating-point exception in get_slope via crafted input, leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A floating-point exception (FPE) vulnerability exists in fig2dev version 3.2.9a within the get_slope function in genpict2e.c. The crash is triggered when processing a specially crafted input file via the fig2dev -L pict2e command. The issue is reproduced using a PoC file, causing an AddressSanitizer-reported FPE at get_slope line 808 [1].

Exploitation

An attacker with local access can exploit this vulnerability by providing a malicious input file to fig2dev. No authentication or special privileges are required. The attacker simply runs fig2dev -L pict2e ./poc, triggering the FPE and crashing the application [1].

Impact

Successful exploitation results in a denial of service (availability impact) due to the crash of the fig2dev process. The integrity and confidentiality of the system are not affected [1].

Mitigation

As of the publication date, no patch or fixed version has been released for fig2dev 3.2.9a. Until a fix is available, users should consider not processing untrusted input files with fig2dev [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

Patches

0

No patches discovered yet.

References

1
