PT-2025-17672 · Fig2Dev+3

Liuchenyifan · Published 2025-01-20 · Updated 2025-10-31 · CVE-2025-46400

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

fig2dev version 3.2.9a

Description

The issue is related to a segmentation fault in the fig2dev software, specifically in version 3.2.9a. This fault allows an attacker to impact availability via local input manipulation through the read_arcobject function.

Recommendations

For fig2dev version 3.2.9a, consider restricting the use of the read_arcobject function until a patch is available to prevent local input manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2025-12115
CVE-2025-46400
DLA-4147-1
MGASA-2025-0253
OESA-2025-1509
OESA-2025-1510
OESA-2025-1947
OESA-2025-1948
OESA-2025-1949
OPENSUSE-SU-2025:15155-1
SUSE-SU-2025:01835-1
SUSE-SU-2025:01835-2
SUSE-SU-2025:01890-1

Affected Products

Astra Linux
Debian
SUSE
Fig2Dev