# Security update for transfig Announcement ID: SUSE-SU-2025:01835-1 Release Date: 2025-06-09T13:24:47Z Rating: moderate References: * bsc#1225947 * bsc#1230427 * bsc#1240379 * bsc#1240380 * bsc#1240381 * bsc#1243260 * bsc#1243261 * bsc#1243262 * bsc#1243263 Cross-References: * CVE-2025-31162 * CVE-2025-31163 * CVE-2025-31164 * CVE-2025-46397 * CVE-2025-46398 * CVE-2025-46399 * CVE-2025-46400 CVSS scores: * CVE-2025-31162 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-31162 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-31163 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-31163 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-31164 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-31164 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-46397 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46397 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46398 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46398 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46399 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46399 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46400 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46400 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves seven vulnerabilities and has two security fixes can now be installed. ## Description: This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a * CVE-2025-31162: Fixed a floating point exception in fig2dev in get_slope function (bsc#1240380). * CVE-2025-31163: Fixed a segmentation fault in fig2dev in put_patternarc function (bsc#1240381). * CVE-2025-31164: Fixed a heap buffer overflow in fig2dev in create_line_with_spline function (bsc#1240379). * CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260). * CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262). * CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263). * CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1835=1 SUSE-2025-1835=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1835=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1835=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * transfig-3.2.9a-150600.3.5.1 * transfig-debugsource-3.2.9a-150600.3.5.1 * transfig-debuginfo-3.2.9a-150600.3.5.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * transfig-3.2.9a-150600.3.5.1 * transfig-debugsource-3.2.9a-150600.3.5.1 * transfig-debuginfo-3.2.9a-150600.3.5.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * transfig-3.2.9a-150600.3.5.1 * transfig-debugsource-3.2.9a-150600.3.5.1 * transfig-debuginfo-3.2.9a-150600.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-31162.html * https://www.suse.com/security/cve/CVE-2025-31163.html * https://www.suse.com/security/cve/CVE-2025-31164.html * https://www.suse.com/security/cve/CVE-2025-46397.html * https://www.suse.com/security/cve/CVE-2025-46398.html * https://www.suse.com/security/cve/CVE-2025-46399.html * https://www.suse.com/security/cve/CVE-2025-46400.html * https://bugzilla.suse.com/show_bug.cgi?id=1225947 * https://bugzilla.suse.com/show_bug.cgi?id=1230427 * https://bugzilla.suse.com/show_bug.cgi?id=1240379 * https://bugzilla.suse.com/show_bug.cgi?id=1240380 * https://bugzilla.suse.com/show_bug.cgi?id=1240381 * https://bugzilla.suse.com/show_bug.cgi?id=1243260 * https://bugzilla.suse.com/show_bug.cgi?id=1243261 * https://bugzilla.suse.com/show_bug.cgi?id=1243262 * https://bugzilla.suse.com/show_bug.cgi?id=1243263