Xfig: transfig: fig2dev segmentation fault vulnerability
Description
A segmentation fault in fig2dev's genge_itp_spline function allows local attackers to cause a denial of service via malicious input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability is a segmentation fault in fig2dev, part of the transfig package, in the genge_itp_spline function in dev/genge.c (line 249). This occurs when processing a specially crafted FIG file with the -L ge output option. Affected version: fig2dev 3.2.9a (as reported in references [2], [3]). The issue likely stems from improper handling of spline data, leading to a read access violation on a null pointer.
Exploitation
An attacker with local access can craft a malicious FIG file and invoke fig2dev -L ge ./poc to trigger the segmentation fault. No special privileges or authentication beyond local file manipulation are required. The crash is reproducible as shown by AddressSanitizer (ASAN) output in reference [2].
Impact
Successful exploitation results in a denial of service by crashing the fig2dev process. The vulnerability affects availability only; confidentiality and integrity are not compromised according to the CVE description.
Mitigation
As of the latest available information, no patched version has been released for fig2dev. Users are advised to avoid processing untrusted FIG files with the -L ge option until a fix is applied. The issue is tracked in Red Hat Bugzilla [3] and SourceForge ticket [2].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords (13 versions):
- pkg:deb/ubuntu/fig2dev@1:3.2.6a-6ubuntu1.1?arch=source&distro=esm-apps/bionic
- pkg:deb/ubuntu/fig2dev@1:3.2.7a-7ubuntu0.1?arch=source&distro=focal
- pkg:deb/ubuntu/fig2dev@1:3.2.8b-1?arch=source&distro=jammy
- pkg:deb/ubuntu/fig2dev@1:3.2.9-3build2?arch=source&distro=noble
- pkg:deb/ubuntu/fig2dev@1:3.2.9-4?arch=source&distro=oracular
- pkg:deb/ubuntu/fig2dev@1:3.2.9a-3?arch=source&distro=plucky
- pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.6
- pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed
- pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
- pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
- pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
- pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-3.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.8b-2.26.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
- (no CPE) range: < 3.2.9a-150600.3.5.1
Patches
No patches discovered yet.
References
- access.redhat.com/security/cve/CVE-2025-46399 (mitre; vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking, x_refsource_REDHAT)
- sourceforge.net/p/mcj/tickets/190/ (mitre)