Fig2dev Project Fig2dev — known CVE vulnerabilities
Every CVE whose affected-product data names Fig2dev Project Fig2dev, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2018-16140 — CVSS 7.8 (high): A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer…
CVE-2025-46397 — CVSS 7.8 (high): A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVE-2021-3561 — CVSS 7.1 (high): An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a…
CVE-2025-31163 — CVSS 6.6 (medium): Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
CVE-2025-31164 — CVSS 6.6 (medium): heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via…
CVE-2025-31162 — CVSS 6.6 (medium): Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope…
CVE-2020-21681 — CVSS 5.5 (medium): A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via…
CVE-2020-21682 — CVSS 5.5 (medium): A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via…
CVE-2020-21683 — CVSS 5.5 (medium): A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a…
CVE-2020-21684 — CVSS 5.5 (medium): A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via…
CVE-2020-21675 — CVSS 5.5 (medium): A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service…
CVE-2021-37529 — CVSS 5.5 (medium): A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a…
CVE-2021-37530 — CVSS 5.5 (medium): A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
CVE-2019-19746 — CVSS 5.5 (medium): make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large…
CVE-2025-46398 — CVSS 5.5 (medium): In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects…
CVE-2025-46399 — CVSS 5.5 (medium): A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
CVE-2020-21676 — CVSS 5.5 (medium): A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of…
CVE-2025-46400 — CVSS 5.5 (medium): In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via…
CVE-2020-21678 — CVSS 5.5 (medium): A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of…
CVE-2020-21680 — CVSS 5.5 (medium): A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service…