汇总 fig2dev_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 内存损坏与缓冲区溢出,在 软件部署与生产负载 使用场景中可能带来 内存损坏与应用崩溃 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-46400 | In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. | [email protected] | 5.5 | 0.19% | 2025-04-23 | 2026-06-25 |
| CVE-2025-46399 | A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | [email protected] | 5.5 | 0.19% | 2025-04-23 | 2026-06-25 |
| CVE-2025-46398 | In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. | [email protected] | 5.5 | 0.21% | 2025-04-23 | 2026-06-25 |
| CVE-2025-46397 | A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. | [email protected] | 7.8 | 0.25% | 2025-04-23 | 2026-06-25 |
| CVE-2025-31164 | heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | 74b3a70d-cca6-4d34-9789-e83b222ae3be | 6.6 | 0.17% | 2025-03-28 | 2026-06-17 |
| CVE-2025-31163 | Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. | 74b3a70d-cca6-4d34-9789-e83b222ae3be | 6.6 | 0.16% | 2025-03-28 | 2026-06-17 |
| CVE-2025-31162 | Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. | 74b3a70d-cca6-4d34-9789-e83b222ae3be | 6.6 | 0.16% | 2025-03-28 | 2026-06-17 |
| CVE-2021-37530 | A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. | [email protected] | 5.5 | 0.75% | 2022-01-12 | 2026-06-17 |
| CVE-2021-37529 | A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). | [email protected] | 5.5 | 0.75% | 2022-01-12 | 2026-06-17 |
| CVE-2020-21684 | A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | [email protected] | 5.5 | 0.80% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21683 | A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | [email protected] | 5.5 | 0.78% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21682 | A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | [email protected] | 5.5 | 0.85% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21681 | A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | [email protected] | 5.5 | 0.83% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21680 | A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | [email protected] | 5.5 | 0.68% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21678 | A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | [email protected] | 5.5 | 0.76% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21676 | A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | [email protected] | 5.5 | 1.07% | 2021-08-10 | 2026-06-16 |
| CVE-2020-21675 | A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | [email protected] | 5.5 | 1.06% | 2021-08-10 | 2026-06-16 |
| CVE-2021-3561 | An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | [email protected] | 7.1 | 1.18% | 2021-05-26 | 2026-06-17 |
| CVE-2019-19746 | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | [email protected] | 5.5 | 1.19% | 2019-12-11 | 2026-06-16 |
| CVE-2018-16140 | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | [email protected] | 7.8 | 1.38% | 2018-08-29 | 2026-06-16 |