PT-2025-17669 · Fig2Dev+4

Liuchenyifan · Published 2025-02-14 · Updated 2026-01-19 · CVE-2025-46397

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

fig2dev version 3.2.9a

Description

The issue may allow an attacker to execute code via local input manipulation through the bezier spline function.

Recommendations

For fig2dev version 3.2.9a, consider disabling the bezier spline function until a patch is available to prevent potential code execution via local input manipulation.

Exploit

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:0700
ALSA-2026:0756
BDU:2025-11851
CVE-2025-46397
DLA-4147-1
MGASA-2025-0253
OESA-2025-1509
OESA-2025-1510
OESA-2025-1947
OESA-2025-1948
OESA-2025-1949
OPENSUSE-SU-2025:15155-1
RHSA-2026:0700
RHSA-2026:0704
RHSA-2026:0705
RHSA-2026:0756
SUSE-SU-2025:01835-1
SUSE-SU-2025:01835-2
SUSE-SU-2025:01890-1
SUSE-SU-2025_01890-1

Affected Products

Astra Linux
Debian
Rocky Linux
Suse
Fig2Dev