1. Ubuntu Security Notices
  2. USN-7587-1

USN-7587-1: Fig2dev vulnerabilities

Publication date

23 June 2025

Overview

Several security issues were fixed in Fig2dev.

Releases

Packages

  • fig2dev - Tools for creating TeX documents with portable graphics

Details

Suhwan Song discovered that Fig2dev did not correctly handle certain
memory operations. If a user or automated system were tricked into
opening a specially crafted file, an attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21680, CVE-2020-21682,
CVE-2020-21683)

It was discovered that Fig2dev did not limit the size of certain inputs.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2025-31162, CVE-2025-31163)

It was discovered that Fig2dev did not correctly handle certain inputs.
If a user or automated system were tricked into opening a...

Suhwan Song discovered that Fig2dev did not correctly handle certain
memory operations. If a user or automated system were tricked into
opening a specially crafted file, an attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21680, CVE-2020-21682,
CVE-2020-21683)

It was discovered that Fig2dev did not limit the size of certain inputs.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2025-31162, CVE-2025-31163)

It was discovered that Fig2dev did not correctly handle certain inputs.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-31164)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.10 oracular fig2dev –  1:3.2.9-4ubuntu0.1
24.04 noble fig2dev –  1:3.2.9-3ubuntu0.1~esm1  
22.04 jammy fig2dev –  1:3.2.8b-1ubuntu0.1~esm1  
20.04 focal fig2dev –  1:3.2.7a-7ubuntu0.1+esm1  
18.04 bionic fig2dev –  1:3.2.6a-6ubuntu1.1+esm1  
transfig –  1:3.2.6a-6ubuntu1.1+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›