fig2dev segmentation fault

Vulnerability

A segmentation fault (SEGV) exists in fig2dev version 3.2.9a. The flaw is triggered in the put_patternarc function within genpict2e.c (line 2306) when processing a specially crafted FIG file. The crash is caused by a NULL pointer dereference, as shown by AddressSanitizer reporting a read access to address 0x0. This occurs during the conversion of arc objects by the genpict2e_arc handler when the tool is invoked with the -L pict2e output option.

Exploitation

An attacker with local access can craft a malicious FIG file that, when processed by fig2dev -L pict2e, triggers the crash. No special privileges or authentication beyond the ability to supply a FIG file to the utility are required. The user must run fig2dev on the malicious file. No race condition or further exploitation steps are needed.

Impact

Successful exploitation causes a denial of service (availability impact) by crashing the fig2dev process. According to the source, the vulnerability is classified as allowing an attacker to affect availability via local input manipulation. No code execution or data corruption is indicated.

Mitigation

As of the publication date (March 28, 2025), no patched version has been released. Users are advised to monitor the project's issue tracker [1] for updates. In the interim, avoid running fig2dev on untrusted FIG files, particularly with the -L pict2e output format, or consider using an alternative tool. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.