CVE-2025-46400 - Vulnerability Details

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fig2dev Project	Fig2dev
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-46400
https://bugzilla.redhat.com/show_bug.cgi?id=2362054
https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html
https://nvd.nist.gov/vuln/detail/CVE-2025-46400
https://sourceforge.net/p/mcj/tickets/187/
https://www.cve.org/CVERecord?id=CVE-2025-46400

History

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html

Thu, 16 Oct 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fig2dev Project Fig2dev Project fig2dev
CPEs		cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Fig2dev Project Fig2dev Project fig2dev

Wed, 18 Jun 2025 15:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-46400 https://www.cve.org/CVERecord?id=CVE-2025-46400
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 17 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Fri, 23 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 15 May 2025 01:30:00 +0000

Type	Values Removed	Values Added
Description	Red Hat Product Security has come to the conclusion that this CVE is not needed.	In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
Title		Xfig: fig2dev segmentation fault in read_arcobject
Weaknesses		CWE-476
References		https://access.redhat.com/security/cve/CVE-2025-46400 https://bugzilla.redhat.com/show_bug.cgi?id=2362054 https://sourceforge.net/p/mcj/tickets/187/
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N'}`

Wed, 30 Apr 2025 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476
References	https://sourceforge.net/p/mcj/tickets/187/
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Wed, 30 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Title	fig2dev segmentation fault in read_arcobject
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 30 Apr 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description	Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.	Red Hat Product Security has come to the conclusion that this CVE is not needed.

Thu, 24 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 23 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.
Title		fig2dev segmentation fault in read_arcobject
Weaknesses		CWE-476
References		https://sourceforge.net/p/mcj/tickets/187/
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-04-23T20:55:17.239Z

Updated: 2025-11-03T20:04:31.317Z

Reserved: 2025-04-23T20:32:36.307Z

Link: CVE-2025-46400

Vulnrichment

Updated: 2025-11-03T20:04:31.317Z

NVD

Status : Modified

Published: 2025-04-23T21:15:17.250

Modified: 2025-11-03T20:19:05.127

Link: CVE-2025-46400

Redhat

Severity : Moderate

Publid Date: 2025-04-23T20:55:17Z

Links: CVE-2025-46400 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object