Xfig: xfig: stack-overflow allows possible code execution via local input manipulation
Description
A stack-overflow in xfig's bezier_spline function allows local code execution via crafted FIG input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack-overflow vulnerability exists in the bezier_spline function of xfig. An attacker can trigger the overflow by providing a specially crafted FIG file. The issue affects xfig versions prior to the fix released in the transfig update. The flaw is present in the xfig utility as shipped in Red Hat Enterprise Linux 9.4 and 9.6 Extended Update Support [1][3][4].
Exploitation
An attacker must have local access to the system and be able to trick a user or automated process into opening a malicious FIG file with xfig. No additional authentication is required beyond local login. The attack sequence involves crafting a FIG file with malformed coordinates or control points that cause the bezier_spline function to overflow the stack when processing the Bezier spline data [1].
Impact
Successful exploitation leads to code execution on the victim's machine. The attacker gains the ability to run arbitrary code with the privileges of the user running xfig. The vulnerability is rated Moderate severity by Red Hat, with a CVSS base score available in the referenced advisory [1][3][4].
Mitigation
The vulnerability is fixed in transfig updates released on 2026-01-15 (RHSA-2026:0704 for RHEL 9.6 and RHSA-2026:0705 for RHEL 9.4 Extended Update Support) [2][3][4]. Users should apply the latest transfig package updates from Red Hat. No workarounds are documented; the only mitigation is to update to the patched version.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- osv-coords (14 versions):
  - pkg:deb/ubuntu/fig2dev@1:3.2.6a-6ubuntu1.1?arch=source&distro=esm-apps/bionic
  - pkg:deb/ubuntu/fig2dev@1:3.2.7a-7ubuntu0.1?arch=source&distro=focal
  - pkg:deb/ubuntu/fig2dev@1:3.2.8b-1?arch=source&distro=jammy
  - pkg:deb/ubuntu/fig2dev@1:3.2.9-3build2?arch=source&distro=noble
  - pkg:deb/ubuntu/fig2dev@1:3.2.9-4?arch=source&distro=oracular
  - pkg:deb/ubuntu/fig2dev@1:3.2.9a-3?arch=source&distro=plucky
  - pkg:rpm/almalinux/transfig
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: < 1:3.2.7b-11.el9_7
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-3.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.8b-2.26.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2026:0700 (mitre: vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2026:0704 (mitre: vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2026:0705 (mitre: vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2026:0756 (mitre: vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2025-46397 (mitre: vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre: issue-tracking, x_refsource_REDHAT)
- sourceforge.net/p/mcj/tickets/192/ (mitre)