rpm package
opensuse/transfig&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46400 | — | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. | ||
| CVE-2025-46399 | — | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | ||
| CVE-2025-46398 | — | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. | ||
| CVE-2025-46397 | — | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. | ||
| CVE-2025-31162 | — | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. | ||
| CVE-2025-31163 | — | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. | ||
| CVE-2025-31164 | — | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | ||
| CVE-2021-32280 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 20, 2021 | An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. | ||
| CVE-2020-21535 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | ||
| CVE-2020-21534 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. | ||
| CVE-2020-21533 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | ||
| CVE-2020-21530 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. | ||
| CVE-2020-21532 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | ||
| CVE-2020-21531 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | ||
| CVE-2020-21529 | — | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | ||
| CVE-2020-21681 | — | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||
| CVE-2020-21680 | — | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | ||
| CVE-2020-21682 | — | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||
| CVE-2020-21683 | — | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | ||
| CVE-2021-3561 | — | < 3.2.8a-5.1 | 3.2.8a-5.1 | May 26, 2021 | An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerabilit |
- CVE-2025-46400Apr 23, 2025affected < 3.2.9a-3.1fixed 3.2.9a-3.1
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
- CVE-2025-46399Apr 23, 2025affected < 3.2.9a-3.1fixed 3.2.9a-3.1
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
- CVE-2025-46398Apr 23, 2025affected < 3.2.9a-3.1fixed 3.2.9a-3.1
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
- CVE-2025-46397Apr 23, 2025affected < 3.2.9a-3.1fixed 3.2.9a-3.1
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
- CVE-2025-31162Mar 28, 2025affected < 3.2.9a-2.1fixed 3.2.9a-2.1
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.
- CVE-2025-31163Mar 28, 2025affected < 3.2.9a-2.1fixed 3.2.9a-2.1
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
- CVE-2025-31164Mar 28, 2025affected < 3.2.9a-2.1fixed 3.2.9a-2.1
heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
- CVE-2021-32280Sep 20, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
- CVE-2020-21535Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
- CVE-2020-21534Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
- CVE-2020-21533Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
- CVE-2020-21530Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
- CVE-2020-21532Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
- CVE-2020-21531Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
- CVE-2020-21529Sep 16, 2021affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
- CVE-2020-21681Aug 10, 2021affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
- CVE-2020-21680Aug 10, 2021affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
- CVE-2020-21682Aug 10, 2021affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
- CVE-2020-21683Aug 10, 2021affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
- CVE-2021-3561May 26, 2021affected < 3.2.8a-5.1fixed 3.2.8a-5.1
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerabilit
Page 1 of 2