| Package | transfig |
|---|---|
| Version | 1:3.2.6a-2~deb8u2 (jessie) |
| Related CVEs | CVE-2025-31162 CVE-2025-31163 CVE-2025-31164 |
Multiple vulnerabilities have been fixed in the transfig utilities for converting XFig figure files.
CVE-2025-31162
floating point exception with huge pattern lengths
CVE-2025-31163
non-rejection of arcs with co-incident points
CVE-2025-31164
heap buffer overflow on arc-box with zero radius
For Debian 8 jessie, these problems have been fixed in version 1:3.2.6a-2~deb8u2.
We recommend that you upgrade your transfig packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.