File _patchinfo of Package patchinfo.38544

<patchinfo incident="38544">
  <issue tracker="bnc" id="1240381">VUL-0: CVE-2025-31163: transfig: Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.</issue>
  <issue tracker="bnc" id="1240379">VUL-0: CVE-2025-31164: transfig: heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.</issue>
  <issue tracker="bnc" id="1240380">VUL-0: CVE-2025-31162: transfig: Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.</issue>
  <issue tracker="bnc" id="1225947">Package transfig does not build with gcc14 because of new errors</issue>
  <issue tracker="bnc" id="1230427">xfig: export into PDF yields error "Cant use... before PDF1.5..."</issue>
  <issue tracker="bnc" id="1243260">VUL-0: CVE-2025-46397: transfig: fig2dev stack-overflow</issue>
  <issue tracker="bnc" id="1243261">VUL-0: CVE-2025-46400: transfig: fig2dev segmentation fault in read_arcobject</issue>
  <issue tracker="bnc" id="1243262">VUL-0: CVE-2025-46398: transfig: fig2dev stack-overflow via read_objects</issue>
  <issue tracker="bnc" id="1243263">VUL-0: CVE-2025-46399: transfig: fig2dev segmentation fault in genge_itp_spline</issue>
  <issue tracker="cve" id="2025-31163"/>
  <issue tracker="cve" id="2025-31164"/>
  <issue tracker="cve" id="2025-31162"/>
  <issue tracker="cve" id="2025-46397"/>
  <issue tracker="cve" id="2025-46400"/>
  <issue tracker="cve" id="2025-46398"/>
  <issue tracker="cve" id="2025-46399"/>
  <packager>WernerFink</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for transfig</summary>
  <description>This update for transfig fixes the following issues:

Update to fig2dev version 3.2.9a

- CVE-2025-31162: Fixed a floating point exception in fig2dev in get_slope function (bsc#1240380).
- CVE-2025-31163: Fixed a segmentation fault in fig2dev in put_patternarc function (bsc#1240381).
- CVE-2025-31164: Fixed a heap buffer overflow in fig2dev in create_line_with_spline function (bsc#1240379).
- CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260).
- CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262).
- CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263).
- CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261).
</description>
</patchinfo>