CVE-2025-31164 - Vulnerability Details - OpenCVE

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fig2dev Project	Fig2dev

Configuration 1 [-]

cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4134-1	fig2dev security update
EUVD	EUVD-2025-8632	heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
Ubuntu USN	USN-7587-1	Fig2dev vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sourceforge.net/p/mcj/tickets/184/

History

Tue, 21 Oct 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fig2dev Project Fig2dev Project fig2dev
CPEs		cpe:2.3:a:fig2dev_project:fig2dev:3.2.9a:::::::*
Vendors & Products		Fig2dev Project Fig2dev Project fig2dev

Fri, 28 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 28 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline.
Title		fig2dev heap-buffer overflow
Weaknesses		CWE-122
References		https://sourceforge.net/p/mcj/tickets/184/
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat-cnalr

Published: 2025-03-28T18:01:16.666Z

Updated: 2025-03-28T19:57:56.174Z

Reserved: 2025-03-27T02:44:50.788Z

Link: CVE-2025-31164

Vulnrichment

Updated: 2025-03-28T19:57:52.844Z

NVD

Status : Analyzed

Published: 2025-03-28T18:15:18.313

Modified: 2025-10-21T14:45:23.223

Link: CVE-2025-31164

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31164", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "state": "PUBLISHED", "assignerShortName": "redhat-cnalr", "dateReserved": "2025-03-27T02:44:50.788Z", "datePublished": "2025-03-28T18:01:16.666Z", "dateUpdated": "2025-03-28T19:57:56.174Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "fig2dev", "product": "fig2dev", "vendor": "xfig", "versions": [{"status": "affected", "version": "3.2.9a"}]}], "datePublic": "2025-01-20T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via  create_line_with_spline."}], "value": "heap-buffer overflow in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0 create_line_with_spline."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2025-03-28T18:01:16.666Z"}, "references": [{"url": "https://sourceforge.net/p/mcj/tickets/184/"}], "source": {"discovery": "UNKNOWN"}, "title": "fig2dev heap-buffer overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T19:57:48.497206Z", "id": "CVE-2025-31164", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T19:57:56.174Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-28T19:57:48.497206Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T19:57:52.844Z"}}], "cna": {"title": "fig2dev heap-buffer overflow", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "xfig", "product": "fig2dev", "versions": [{"status": "affected", "version": "3.2.9a"}], "packageName": "fig2dev", "defaultStatus": "unaffected"}], "datePublic": "2025-01-20T03:00:00.000Z", "references": [{"url": "https://sourceforge.net/p/mcj/tickets/184/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "heap-buffer overflow in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0 create_line_with_spline.", "supportingMedia": [{"type": "text/html", "value": "heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via  create_line_with_spline.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2025-03-28T18:01:16.666Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31164", "state": "PUBLISHED", "dateUpdated": "2025-03-28T19:57:56.174Z", "dateReserved": "2025-03-27T02:44:50.788Z", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "datePublished": "2025-03-28T18:01:16.666Z", "assignerShortName": "redhat-cnalr"}, "dataVersion": "5.1"}