Skip to main content

Fig2Dev CVE-2025-46400

MEDIUM
NULL Pointer Dereference (CWE-476)
2025-04-23 secalert@redhat.com
5.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Apr 06, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:38 vuln.today
PoC Detected
Jan 08, 2026 - 04:15 vuln.today
Public exploit code
CVE Published
Apr 23, 2025 - 21:15 nvd
MEDIUM 5.5

DescriptionCVE.org

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

AnalysisAI

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Affected products include: Fig2Dev Project Fig2Dev, Redhat Enterprise Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2025-46397 HIGH POC
7.8 Apr 23

A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit co

CVE-2021-3561 HIGH POC
7.1 May 26

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authent

CVE-2025-31163 MEDIUM POC
6.6 Mar 28

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_

CVE-2025-31162 MEDIUM POC
6.6 Mar 28

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation vi

CVE-2025-31164 MEDIUM POC
6.6 Mar 28

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via cr

CVE-2025-46398 MEDIUM POC
5.5 Apr 23

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation v

CVE-2025-46399 MEDIUM POC
5.5 Apr 23

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public explo

CVE-2021-32280 MEDIUM POC
5.5 Sep 20

An issue was discovered in fig2dev before 3.2.8.. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2019-19797 MEDIUM POC
5.5 Dec 15

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. Rated medium severity (CVSS 5.5), this vulner

CVE-2019-19746 MEDIUM POC
5.5 Dec 12

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer o

CVE-2019-14275 MEDIUM POC
5.5 Jul 26

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS

CVE-2018-16140 HIGH
7.8 Aug 30

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the begi

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed

Share

CVE-2025-46400 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy