Security update for transfig SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01835-1 Final 1 1 2025-06-09T13:24:44Z current 2025-06-09T13:24:44Z 2025-06-09T13:24:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for transfig This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a - CVE-2025-31162: Fixed a floating point exception in fig2dev in get_slope function (bsc#1240380). - CVE-2025-31163: Fixed a segmentation fault in fig2dev in put_patternarc function (bsc#1240381). - CVE-2025-31164: Fixed a heap buffer overflow in fig2dev in create_line_with_spline function (bsc#1240379). - CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260). - CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262). - CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263). - CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1835,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1835,SUSE-SLE-Product-WE-15-SP6-2025-1835,openSUSE-SLE-15.6-2025-1835 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ Link for SUSE-SU-2025:01835-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040187.html E-Mail link for SUSE-SU-2025:01835-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1225947 SUSE Bug 1225947 https://bugzilla.suse.com/1230427 SUSE Bug 1230427 https://bugzilla.suse.com/1240379 SUSE Bug 1240379 https://bugzilla.suse.com/1240380 SUSE Bug 1240380 https://bugzilla.suse.com/1240381 SUSE Bug 1240381 https://bugzilla.suse.com/1243260 SUSE Bug 1243260 https://bugzilla.suse.com/1243261 SUSE Bug 1243261 https://bugzilla.suse.com/1243262 SUSE Bug 1243262 https://bugzilla.suse.com/1243263 SUSE Bug 1243263 https://www.suse.com/security/cve/CVE-2025-31162/ SUSE CVE CVE-2025-31162 page https://www.suse.com/security/cve/CVE-2025-31163/ SUSE CVE CVE-2025-31163 page https://www.suse.com/security/cve/CVE-2025-31164/ SUSE CVE CVE-2025-31164 page https://www.suse.com/security/cve/CVE-2025-46397/ SUSE CVE CVE-2025-46397 page https://www.suse.com/security/cve/CVE-2025-46398/ SUSE CVE CVE-2025-46398 page https://www.suse.com/security/cve/CVE-2025-46399/ SUSE CVE CVE-2025-46399 page https://www.suse.com/security/cve/CVE-2025-46400/ SUSE CVE CVE-2025-46400 page SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP6 openSUSE Leap 15.6 transfig-3.2.9a-150600.3.5.1 transfig-3.2.9a-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 transfig-3.2.9a-150600.3.5.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 transfig-3.2.9a-150600.3.5.1 as a component of openSUSE Leap 15.6 Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. CVE-2025-31162 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-31162.html CVE-2025-31162 https://bugzilla.suse.com/1240380 SUSE Bug 1240380 Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. CVE-2025-31163 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-31163.html CVE-2025-31163 https://bugzilla.suse.com/1240381 SUSE Bug 1240381 heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. CVE-2025-31164 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-31164.html CVE-2025-31164 https://bugzilla.suse.com/1240379 SUSE Bug 1240379 In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. CVE-2025-46397 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-46397.html CVE-2025-46397 https://bugzilla.suse.com/1243260 SUSE Bug 1243260 In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. CVE-2025-46398 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-46398.html CVE-2025-46398 https://bugzilla.suse.com/1243262 SUSE Bug 1243262 In xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at genge_itp_spline function. CVE-2025-46399 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-46399.html CVE-2025-46399 https://bugzilla.suse.com/1243263 SUSE Bug 1243263 In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. CVE-2025-46400 SUSE Linux Enterprise Module for Package Hub 15 SP6:transfig-3.2.9a-150600.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP6:transfig-3.2.9a-150600.3.5.1 openSUSE Leap 15.6:transfig-3.2.9a-150600.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501835-1/ https://www.suse.com/security/cve/CVE-2025-46400.html CVE-2025-46400 https://bugzilla.suse.com/1243261 SUSE Bug 1243261