Overview

File _patchinfo of Package patchinfo.38710

<patchinfo incident="38710">
  <issue tracker="bnc" id="1243260">VUL-0: CVE-2025-46397: transfig: fig2dev stack-overflow</issue>
  <issue tracker="bnc" id="1243261">VUL-0: CVE-2025-46400: transfig: fig2dev segmentation fault in read_arcobject</issue>
  <issue tracker="bnc" id="1243262">VUL-0: CVE-2025-46398: transfig: fig2dev stack-overflow via read_objects</issue>
  <issue tracker="bnc" id="1243263">VUL-0: CVE-2025-46399: transfig: fig2dev segmentation fault in genge_itp_spline</issue>
  <issue tracker="cve" id="2025-46397"/>
  <issue tracker="cve" id="2025-46400"/>
  <issue tracker="cve" id="2025-46398"/>
  <issue tracker="cve" id="2025-46399"/>
  <rating>moderate</rating>
  <packager>WernerFink</packager>
  <category>security</category>
  <summary>Security update for transfig</summary>
  <description>This update for transfig fixes the following issues:

Update to fig2dev version 3.2.9a

- CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260).
- CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262).
- CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263).
- CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places