A flaw was found in fig2dev version 3.2.8a. A null pointer in function svg_arrows in gensvg.c may lead to program crash and other potential consequences. Upstream bug: https://sourceforge.net/p/mcj/tickets/114/ Upstream fix: https://sourceforge.net/p/mcj/fig2dev/ci/43cfa693284b076e5d2cc100758a34b76db65e58/
This seems to be just a crash in a short-lived command line tool, so I don't think it is a security flaw/CVE-worthy.