CVE-2025-46400

moderate-risk

Published 2025-04-23

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (5)

Fig2Dev

Enterprise Linux

Affected Vendors

Redhat Fig2Dev Project

References (4)

Vendor Advisory https://access.redhat.com/security/cve/CVE-2025-46400

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2362054

Exploit https://sourceforge.net/p/mcj/tickets/187/

https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 12/34 · Low