|
|
Subscribe / Log in / New account

Mageia alert MGASA-2025-0152 (transfig)



From:
              Mageia Updates <updates-announce@ml.mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2025-0152: Updated transfig packages fix security vulnerabilities


Date:
              Sun, 11 May 2025 06:43:30 +0200


Message-ID:
              <20250511044330.C09B8A0DAD@duvel.mageia.org>


Archive-link:
              Article


MGASA-2025-0152 - Updated transfig packages fix security vulnerabilities

Publication date: 11 May 2025
URL: https://advisories.mageia.org/MGASA-2025-0152.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-31162,
     CVE-2025-31163,
     CVE-2025-31164

Description:
Floating point exception in fig2dev in version 3.2.9a allows an attacker
to availability via local input manipulation via get_slope function.
(CVE-2025-31162)
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to
availability via local input manipulation via put_patternarc function.
(CVE-2025-31163)
Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to
availability via local input manipulation via  create_line_with_spline.
(CVE-2025-31164)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34260
-
https://lists.opensuse.org/archives/list/security-announc...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3...

SRPMS:
- 9/core/transfig-3.2.9a-1.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds