FERRAMENTAS LINUX: Critical Fig2dev Security Vulnerabilities: Patch Updates & Ubuntu Fixes (2025 Advisory)

Tuesday, 24 June 2025

Critical Fig2dev Security Vulnerabilities: Patch Updates & Ubuntu Fixes (2025 Advisory)



Ubuntu users alert: crafted .fig files can exploit CVE-2025-31162 and CVE-2025-31163 in Fig2dev to crash the converter or exhaust its resources (denial of service). Learn the patching steps, the affected releases (18.04 through 24.10), and how Ubuntu Pro extends security coverage to 25k+ packages.

Overview: High-Risk Fig2dev Flaws Demand Immediate Action

Ubuntu has published fixes for six vulnerabilities in Fig2dev, the command-line tool that converts XFig (.fig) drawings into other formats such as LaTeX pictures, PostScript, PDF and SVG.

These flaws (CVE-2020-21680, CVE-2020-21682, CVE-2020-21683, CVE-2025-31162, CVE-2025-31163 and CVE-2025-31164) let a crafted .fig file crash fig2dev or make it consume excessive memory or CPU, a denial of service (DoS). The exposure is greatest where fig2dev runs unattended on files from outside the organisation, for example in technical documentation build pipelines on Ubuntu LTS servers.

🔍 Key Vulnerabilities Breakdown

  1. Memory handling failures (CVE-2020-21680, CVE-2020-21682, CVE-2020-21683)

    • Impact: Ubuntu 18.04 and 20.04 LTS systems

    • Risk: a crafted .fig file triggers improper memory operations and crashes fig2dev

  2. Unbounded input sizes (CVE-2025-31162, CVE-2025-31163)

    • Impact: all Ubuntu releases covered by the advisory

    • Risk: fig2dev does not limit the size of certain input values, so a crafted file can exhaust memory or CPU

  3. CVE-2025-31164

    • Severity: denial of service via a crafted file, fixed in the same package versions listed below; it is a published CVE with a fix available, not an undisclosed zero-day


🚨 Urgent Update Instructions for Ubuntu Systems

Affected Packages:

Ubuntu Version        Patched Package Version
24.10 (Oracular)      fig2dev 3.2.9-4ubuntu0.1
22.04 LTS (Jammy)     fig2dev 3.2.8b-1ubuntu0.1~esm1
20.04 LTS (Focal)     fig2dev 3.2.7a-7ubuntu0.1+esm1

The esm suffix on the LTS versions means those fixes are published through Ubuntu Pro (the esm-apps repository), because fig2dev lives in the universe component; a plain apt upgrade on an LTS host without Pro attached will not see them.

Action Steps:

  1. Refresh the package index and upgrade fig2dev only: sudo apt update && sudo apt install --only-upgrade fig2dev. Then confirm that apt-cache policy fig2dev (or dpkg -s fig2dev) reports a version at or above the one in the table.

  2. LTS and enterprise users: the LTS fixes are delivered through Ubuntu Pro, which extends security coverage to 10 years and is free for up to 5 machines. Attach the host with sudo pro attach <token> (the token comes from your Ubuntu Pro account), enable the applications repository with sudo pro enable esm-apps, and repeat step 1.
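The Python script below is an added illustration, not part of the Ubuntu advisory or the fig2dev project. It checks whether the installed fig2dev is at or above the patched version for the running release. It reimplements dpkg's version-ordering rules (including the rule that "~" sorts before the end of the string, which is why 3.2.8b-1ubuntu0.1~esm1 counts as older than a hypothetical 3.2.8b-1ubuntu0.1 but still newer than 3.2.8b-1) so the comparison can be read and tested offline; on a live host dpkg --compare-versions gives the same answer. The table contains only the three patched versions quoted on this page, keyed by the release codenames assumed from /etc/os-release.

```python
"""Check the installed fig2dev against the patched versions from the advisory.

Added example, not the advisory's or the fig2dev project's code. The version
ordering below follows the dpkg rules so that the '~esm1' and '+esm1'
suffixes compare correctly.
"""
import re
import subprocess

# Patched package versions per Ubuntu codename, as quoted in the advisory.
PATCHED = {
    "oracular": "3.2.9-4ubuntu0.1",        # 24.10
    "jammy":    "3.2.8b-1ubuntu0.1~esm1",  # 22.04 LTS (Ubuntu Pro / esm-apps)
    "focal":    "3.2.7a-7ubuntu0.1+esm1",  # 20.04 LTS (Ubuntu Pro / esm-apps)
}


def _char_order(c):
    """dpkg ordering for non-digit characters: '~' sorts before the end of the
    string (0), letters sort before every other character."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    for i in range(max(len(a), len(b))):
        ca = _char_order(a[i]) if i < len(a) else 0
        cb = _char_order(b[i]) if i < len(b) else 0
        if ca != cb:
            return (ca > cb) - (ca < cb)
    return 0


def _cmp_part(a, b):
    """Compare an upstream-version or revision string the dpkg way: alternate
    non-digit runs (modified lexical order) and digit runs (numeric order)."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return (ia > ib) - (ia < ib)
        a, b = a[len(da):], b[len(db):]
    return 0


def split_version(v):
    """'epoch:upstream-revision' -> (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, _, revision = rest.rpartition("-")
    if not upstream:  # no '-' at all: the whole string is the upstream version
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, matching dpkg --compare-versions lt/eq/gt."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def is_patched(installed, codename):
    """True if the installed version is at or above the patched one."""
    return compare_versions(installed, PATCHED[codename]) >= 0


def installed_version():
    """Ask dpkg on a real host; None if fig2dev is not installed."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "fig2dev"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.strip() or None


def host_codename():
    with open("/etc/os-release") as f:
        for line in f:
            if line.startswith("VERSION_CODENAME="):
                return line.split("=", 1)[1].strip().strip('"')
    return None


if __name__ == "__main__":
    v, code = installed_version(), host_codename()
    if v is None or code not in PATCHED:
        print("fig2dev not installed or release not in table:", v, code)
    else:
        print(f"{code}: installed {v}, patched {PATCHED[code]}:",
              "OK" if is_patched(v, code) else "VULNERABLE - upgrade")
```

Run it as python3 check_fig2dev.py on the host; an exit of "VULNERABLE" on an LTS host usually means esm-apps is not enabled rather than that the package is missing from the archive.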

💡 Why This Matters: Unpatched systems risk disruption in LaTeX/technical publishing workflows—critical for academia, R&D, and cloud infrastructure.


🛡️ Mitigation Strategies Beyond Patching

  • Sandboxing: run fig2dev in a confined environment (firejail, a minimal container, or a systemd transient unit) with no network access and with resource limits such as ulimit -v (address space) and ulimit -t (CPU time), so a crafted file crashes or starves only the conversion process

  • Input handling: treat .fig files from outside the organisation as untrusted input; do not feed user uploads to fig2dev on a shared host without isolation and a timeout

  • Monitoring: alert on fig2dev crashes (SIGSEGV entries in the journal or coredumpctl) and on conversion workers exceeding their expected memory, CPU or run time, since repeated crashes or runaway jobs are the observable signature of these bugs
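As an added example (not code from the advisory or the fig2dev project), the Python wrapper below runs a conversion under the limits the list above recommends: an address-space cap, a CPU-time cap, no core dumps and a wall-clock timeout, so a crafted .fig file that crashes or hangs the parser only takes down the one child process and is reported as such. The fig2dev command line it builds (fig2dev -L <format> input output) is the tool's real syntax; the demo_* functions substitute small Python one-liners, constructed here, for a misbehaving fig2dev so the block runs on a machine without fig2dev installed. The signal number 11 reported for SIGSEGV is Linux-specific, and RLIMIT_AS is only enforced on Linux.

```python
"""Run fig2dev (or any converter) under hard resource limits.

Added example, not from the advisory or the fig2dev project. The child gets
an address-space cap, a CPU-time cap, no core dumps and a wall-clock timeout;
the wrapper reports how the child ended instead of letting a crafted input
take the whole worker down.
"""
import resource
import subprocess
import sys


def _cap(which, value):
    """Lower one rlimit to `value`, never above the current hard limit."""
    _soft, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def run_limited(argv, mem_bytes=256 * 2**20, cpu_seconds=5, wall_seconds=10):
    """Run argv with rlimits applied in the child just before exec.

    Returns ("exit", code) for a normal exit, ("signal", signum) if the child
    was killed by a signal (SIGSEGV for a crash, SIGXCPU for CPU exhaustion),
    or ("timeout", None) if the wall-clock limit fired and the child was killed.
    """
    def apply_limits():
        _cap(resource.RLIMIT_AS, mem_bytes)      # caps memory a malicious file can claim
        _cap(resource.RLIMIT_CPU, cpu_seconds)   # kernel sends SIGXCPU past this
        _cap(resource.RLIMIT_CORE, 0)            # no core dumps from crashes

    try:
        proc = subprocess.run(argv, preexec_fn=apply_limits,
                              stdin=subprocess.DEVNULL, capture_output=True,
                              timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if proc.returncode < 0:
        return ("signal", -proc.returncode)
    return ("exit", proc.returncode)


def convert_fig(src, dst, fmt="pdf"):
    """Convert one .fig file; -L selects fig2dev's output language."""
    return run_limited(["fig2dev", "-L", fmt, src, dst])


# Constructed stand-ins for a malicious input, so the wrapper can be exercised
# without fig2dev. Each mimics one failure mode the advisory describes.
def demo_benign():
    # a well-behaved conversion exits 0
    return run_limited([sys.executable, "-c", "pass"])


def demo_memory_exhaustion():
    # asks for 1 GiB under a 256 MiB address-space cap -> MemoryError, exit 1
    return run_limited([sys.executable, "-c", "bytearray(2**30)"], mem_bytes=2**28)


def demo_hang():
    # sleeps past the wall-clock limit -> killed, reported as a timeout
    return run_limited([sys.executable, "-c", "import time; time.sleep(30)"],
                       wall_seconds=1)


def demo_crash():
    # dies from SIGSEGV as a crashing parser would -> ("signal", 11) on Linux
    return run_limited([sys.executable, "-c",
                        "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"])


if __name__ == "__main__":
    for name, fn in [("benign", demo_benign), ("memory", demo_memory_exhaustion),
                     ("hang", demo_hang), ("crash", demo_crash)]:
        print(name, fn())
```

In a conversion service, log the ("signal", ...) and ("timeout", None) outcomes with the input's hash: a cluster of them from one upload source is exactly the crash signature the monitoring item above asks for.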


📌 Frequently Asked Questions

Q: Is Ubuntu 22.04 LTS affected?

A: Yes. Because fig2dev is in the universe repository, the 22.04 fix (fig2dev 3.2.8b-1ubuntu0.1~esm1) is published through Ubuntu Pro's esm-apps repository. With Pro attached and esm-apps enabled, sudo apt update && sudo apt install --only-upgrade fig2dev installs it.

Q: Can these CVEs lead to RCE?

A: The advisory rates the impact as denial of service: a crafted .fig file makes fig2dev crash or consume excessive resources, and no code execution has been demonstrated. Three of the six bugs are memory-handling errors in a C parser, however, so treat conversion of untrusted .fig files like any other untrusted parser input and run it with the isolation described above.
