rpm package
opensuse/transfig&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46400 | Med | 5.5 | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. | |
| CVE-2025-46399 | Med | 5.5 | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | |
| CVE-2025-46398 | Med | 5.5 | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. | |
| CVE-2025-46397 | Hig | 7.8 | < 3.2.9a-3.1 | 3.2.9a-3.1 | Apr 23, 2025 | A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. | |
| CVE-2025-31164 | Med | 6.6 | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | |
| CVE-2025-31163 | Med | 6.6 | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. | |
| CVE-2025-31162 | Med | 6.6 | < 3.2.9a-2.1 | 3.2.9a-2.1 | Mar 28, 2025 | Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. | |
| CVE-2021-32280 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 20, 2021 | An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. | |
| CVE-2020-21535 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | |
| CVE-2020-21534 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. | |
| CVE-2020-21533 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | |
| CVE-2020-21532 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | |
| CVE-2020-21531 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | |
| CVE-2020-21530 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. | |
| CVE-2020-21529 | Med | 5.5 | < 3.2.8b-2.1 | 3.2.8b-2.1 | Sep 16, 2021 | fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | |
| CVE-2020-21683 | Med | 5.5 | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |
| CVE-2020-21682 | Med | 5.5 | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |
| CVE-2020-21681 | Med | 5.5 | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |
| CVE-2020-21680 | Med | 5.5 | < 3.2.8a-5.1 | 3.2.8a-5.1 | Aug 10, 2021 | A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |
| CVE-2021-3561 | Hig | 7.1 | < 3.2.8a-5.1 | 3.2.8a-5.1 | May 26, 2021 | An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerabilit |
- affected < 3.2.9a-3.1fixed 3.2.9a-3.1
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
- affected < 3.2.9a-3.1fixed 3.2.9a-3.1
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
- affected < 3.2.9a-3.1fixed 3.2.9a-3.1
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
- affected < 3.2.9a-3.1fixed 3.2.9a-3.1
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
- affected < 3.2.9a-2.1fixed 3.2.9a-2.1
heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
- affected < 3.2.9a-2.1fixed 3.2.9a-2.1
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
- affected < 3.2.9a-2.1fixed 3.2.9a-2.1
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
- affected < 3.2.8b-2.1fixed 3.2.8b-2.1
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
- affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
- affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
- affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
- affected < 3.2.8a-5.1fixed 3.2.8a-5.1
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
- affected < 3.2.8a-5.1fixed 3.2.8a-5.1
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerabilit
Page 1 of 2