CVE-2025-31163 - Vulnerability Details - OpenCVE

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fig2dev Project	Fig2dev

Configuration 1 [-]

cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4134-1	fig2dev security update
EUVD	EUVD-2025-8639	Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
Ubuntu USN	USN-7587-1	Fig2dev vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sourceforge.net/p/mcj/tickets/186/

History

Tue, 21 Oct 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fig2dev Project Fig2dev Project fig2dev
CPEs		cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:::::::*
Vendors & Products		Fig2dev Project Fig2dev Project fig2dev

Fri, 28 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 28 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
Title		fig2dev segmentation fault
Weaknesses		CWE-476
References		https://sourceforge.net/p/mcj/tickets/186/
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat-cnalr

Published: 2025-03-28T18:01:24.768Z

Updated: 2025-03-28T19:57:29.970Z

Reserved: 2025-03-27T02:44:50.788Z

Link: CVE-2025-31163

Vulnrichment

Updated: 2025-03-28T19:57:25.215Z

NVD

Status : Analyzed

Published: 2025-03-28T18:15:18.160

Modified: 2025-10-21T14:45:34.830

Link: CVE-2025-31163

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31163", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "state": "PUBLISHED", "assignerShortName": "redhat-cnalr", "dateReserved": "2025-03-27T02:44:50.788Z", "datePublished": "2025-03-28T18:01:24.768Z", "dateUpdated": "2025-03-28T19:57:29.970Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "fig2dev", "product": "fig2dev", "vendor": "xfig", "versions": [{"status": "affected", "version": "3.2.9a"}]}], "datePublic": "2025-01-20T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function."}], "value": "Segmentation fault in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0put_patternarc function."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2025-03-28T18:01:24.768Z"}, "references": [{"url": "https://sourceforge.net/p/mcj/tickets/186/"}], "source": {"discovery": "UNKNOWN"}, "title": "fig2dev segmentation fault", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T19:57:18.695516Z", "id": "CVE-2025-31163", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T19:57:29.970Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31163", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-28T19:57:18.695516Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T19:57:25.215Z"}}], "cna": {"title": "fig2dev segmentation fault", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "xfig", "product": "fig2dev", "versions": [{"status": "affected", "version": "3.2.9a"}], "packageName": "fig2dev", "defaultStatus": "unaffected"}], "datePublic": "2025-01-20T03:00:00.000Z", "references": [{"url": "https://sourceforge.net/p/mcj/tickets/186/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Segmentation fault in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0put_patternarc function.", "supportingMedia": [{"type": "text/html", "value": "Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2025-03-28T18:01:24.768Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31163", "state": "PUBLISHED", "dateUpdated": "2025-03-28T19:57:29.970Z", "dateReserved": "2025-03-27T02:44:50.788Z", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "datePublished": "2025-03-28T18:01:24.768Z", "assignerShortName": "redhat-cnalr"}, "dataVersion": "5.1"}