CVE-2025-46397:
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.
CVE-2025-46398:
Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
CVE-2025-46399:
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function.
CVE-2025-46400:
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.
debian/patches: 1 patch with invalid metadata
high
Among the 12 debian patches
available in version 1:3.2.9a-4 of the package,
we noticed the following issues:
1 patch with
invalid metadata that ought to be fixed.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/f/fig2dev.png){kind=link}