Updated transfig packages fix security vulnerabilities
Publication date: 11 May 2025Modification date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31162 , CVE-2025-31163 , CVE-2025-31164
Description
Floating point exception in fig2dev in version 3.2.9a allows an attacker
to availability via local input manipulation via get_slope function.
(CVE-2025-31162)
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to
availability via local input manipulation via put_patternarc function.
(CVE-2025-31163)
Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to
availability via local input manipulation via create_line_with_spline.
(CVE-2025-31164)
References
- https://bugs.mageia.org/show_bug.cgi?id=34260
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MJCOBXBMU3EIKTUVVEJUQTIAIJY6GWXG/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31164
SRPMS
9/core
- transfig-3.2.9a-1.mga9