| Package | fig2dev | 
|---|---|
| Version | 1:3.2.6a-2+deb9u5 (stretch), 1:3.2.7a-5+deb10u6 (buster) | 
| Related CVEs | CVE-2025-31162 CVE-2025-31163 CVE-2025-31164 | 

Multiple vulnerabilities have been fixed in the fig2dev utilities for converting XFig figure files.

- CVE-2025-31162: floating point exception with huge pattern lengths
- CVE-2025-31163: non-rejection of arcs with co-incident points
- CVE-2025-31164: heap buffer overflow on arc-box with zero radius

For Debian 10 buster, these problems have been fixed in version 1:3.2.7a-5+deb10u6.
For Debian 9 stretch, these problems have been fixed in version 1:3.2.6a-2+deb9u5.
We recommend that you upgrade your fig2dev packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.