openSUSE has issued an advisory on May 8: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MJCOBXBMU3EIKTUVVEJUQTIAIJY6GWXG/
CVE: (none) => CVE-2025-31162, CVE-2025-31163, CVE-2025-31164
Status comment: (none) => Fixed upstream in 3.2.9a
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => transfig-3.2.8b-2.mga9.src.rpm
Summary: transfig new security issues CVE-2025-3116[24] => transfig new security issues CVE-2025-3116[2-4]

Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. (CVE-2025-31162)

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. (CVE-2025-31163)

Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. (CVE-2025-31164)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MJCOBXBMU3EIKTUVVEJUQTIAIJY6GWXG/
========================

Updated package in core/updates_testing:
========================
transfig-3.2.9a-1.mga9

from SRPM:
transfig-3.2.9a-1.mga9.src.rpm

Version: Cauldron => 9
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 3.2.9a => (none)
MGA9-64 Plasma Wayland on Compaq H000SB.
No installation issues, installed xfig as well to create a .fig file (will be attached)
Ref bug 29608

$ fig2dev -L png testtransfig.fig testtransfig.png
[tester9@mach3 Documents]$ file testtransfig.png
testtransfig.png: PNG image data, 567 x 433, 1-bit colormap, non-interlaced
[tester9@mach3 Documents]$ fig2dev -L eps testtransfig.fig testtransfig.ps
[tester9@mach3 Documents]$ fig2dev -L pdf testtransfig.fig testtransfig.pdf
[tester9@mach3 Documents]$ fig2dev -L gif testtransfig.fig testtransfig.gif
[tester9@mach3 Documents]$ fig2dev -L latex testtransfig.fig testtransfig.tex
Not a LaTeX slope (600, -1650), deviation 60.0 pixels
Not a LaTeX slope (2025, 1800), deviation 121.7 pixels
Not a LaTeX slope (600, -2175), deviation 66.2 pixels
Line too short; will do 1 dots
Line too short; will do 2 dots
Line too short; will do 3 dots
Line too short; will do 3 dots
Line too short; will do 4 dots
Line too short; will do 5 dots
Line too short; will do 6 dots
Line too short; will do 6 dots
Line too short; will do 7 dots
Line too short; will do 7 dots
and a lot more .....

$ cat testtransfig.tex
\setlength{\unitlength}{3947sp}%
\begin{picture}(8502,6484)(1561,-5750)
{\color[rgb]{0,0,0}\thinlines
\put(3526,-511){\oval(2474,2474)}
}%
{\color[rgb]{0,0,0}\put(4351,-5611){\framebox(5325,2550){}}
}%
{\color[rgb]{0,0,0}\put(6826,-661){\line( 1,-3){555}}
\put(7426,-2311){\line( 6, 5){2080.328}}
\put(9451,-511){\line( 1,-4){547.059}}
\put(10051,-2686){\line( 0, 1){ 75}}
}%
{\color[rgb]{0,0,0}\multiput(1734,-3224)(8.16000,-10.88000){2}{\makebox(1.6667,11.6667){\tiny.}}
\multiput(1742,-3235)(5.07355,-8.45592){3}{\makebox(1.6667,11.6667){\tiny.}}
\multiput(1752,-3252)(4.66667,-7.00000){4}{\makebox(1.6667,11.6667){\tiny.}}
\multiput(1766,-3273)(6.15383,-9.23075){4}{\makebox(1.6667,11.6667){\tiny.}}
\multiput(1784,-3301)(5.38462,-8.07694){5}{\makebox(1.6667,11.6667){\tiny.}}
etc.....

Generated files display OK with gwenview or okular, so let's go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Created attachment 14977
testfile for transfig
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2025-0152.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED