CVE-2025-46397

Summary

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

Affected Software

VendorProductVersion RangeStatus
0 <= 3.2.9aaffected
Red HatRed Hat Enterprise Linux 81:3.2.6a-5.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 91:3.2.7b-11.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support1:3.2.7b-10.el9_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support1:3.2.7b-10.el9_6.1 < *unaffected

Weaknesses

  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References