PT-2025-17671 · Fig2Dev+3

Liuchenyifan · Published 2025-02-10 · Updated 2025-10-31 · CVE-2025-46399

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

fig2dev version 3.2.9a

Description

The issue is a segmentation fault in fig2dev version 3.2.9a. An attacker can trigger the fault through local input manipulation via the genge_itp_spline function, potentially affecting the availability of the system. There is no information about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

Recommendations

For version 3.2.9a, consider disabling the genge_itp_spline function as a temporary workaround until a patch is available. Restrict access to local input manipulation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12116
CVE-2025-46399
DLA-4147-1
MGASA-2025-0253
OESA-2025-1509
OESA-2025-1510
OESA-2025-1947
OESA-2025-1948
OESA-2025-1949
OPENSUSE-SU-2025:15155-1
SUSE-SU-2025:01835-1
SUSE-SU-2025:01835-2
SUSE-SU-2025:01890-1

Affected Products

Astra Linux
Debian
SUSE
Fig2Dev