Security update for transfig SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01890-1 Final 1 1 2025-06-11T05:43:46Z current 2025-06-11T05:43:46Z 2025-06-11T05:43:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for transfig This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a - CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260). - CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262). - CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263). - CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1890,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1890 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501890-1/ Link for SUSE-SU-2025:01890-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040219.html E-Mail link for SUSE-SU-2025:01890-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243260 SUSE Bug 1243260 https://bugzilla.suse.com/1243261 SUSE Bug 1243261 https://bugzilla.suse.com/1243262 SUSE Bug 1243262 https://bugzilla.suse.com/1243263 SUSE Bug 1243263 https://www.suse.com/security/cve/CVE-2025-46397/ SUSE CVE CVE-2025-46397 page https://www.suse.com/security/cve/CVE-2025-46398/ SUSE CVE CVE-2025-46398 page https://www.suse.com/security/cve/CVE-2025-46399/ SUSE CVE CVE-2025-46399 page https://www.suse.com/security/cve/CVE-2025-46400/ SUSE CVE CVE-2025-46400 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 transfig-3.2.8b-2.26.1 transfig-3.2.8b-2.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. CVE-2025-46397 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:transfig-3.2.8b-2.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501890-1/ https://www.suse.com/security/cve/CVE-2025-46397.html CVE-2025-46397 https://bugzilla.suse.com/1243260 SUSE Bug 1243260 In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. CVE-2025-46398 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:transfig-3.2.8b-2.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501890-1/ https://www.suse.com/security/cve/CVE-2025-46398.html CVE-2025-46398 https://bugzilla.suse.com/1243262 SUSE Bug 1243262 In xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at genge_itp_spline function. CVE-2025-46399 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:transfig-3.2.8b-2.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501890-1/ https://www.suse.com/security/cve/CVE-2025-46399.html CVE-2025-46399 https://bugzilla.suse.com/1243263 SUSE Bug 1243263 In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. CVE-2025-46400 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:transfig-3.2.8b-2.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501890-1/ https://www.suse.com/security/cve/CVE-2025-46400.html CVE-2025-46400 https://bugzilla.suse.com/1243261 SUSE Bug 1243261