SB2025110347 - Multiple vulnerabilities in Xfig

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2025-46398)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the read_objects() function. A remote attacker can trick the victim into opening a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Stack-based buffer overflow (CVE-ID: CVE-2025-46397)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the bezier_spline() function. A remote attacker can trick the victim into opening a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) NULL pointer dereference (CVE-ID: CVE-2025-46400)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the read_arcobject() function. A remote attacker can trick the victim into opening a specially crafted file and crash the application. 

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/security/cve/CVE-2025-46398
• https://bugzilla.redhat.com/show_bug.cgi?id=2362055
• https://sourceforge.net/p/mcj/tickets/191/
• https://access.redhat.com/security/cve/CVE-2025-46397
• https://bugzilla.redhat.com/show_bug.cgi?id=2362058
• https://sourceforge.net/p/mcj/tickets/192/
• https://access.redhat.com/security/cve/CVE-2025-46400
• https://bugzilla.redhat.com/show_bug.cgi?id=2362054
• https://sourceforge.net/p/mcj/tickets/187/