An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. Reference: https://sourceforge.net/p/mcj/tickets/107/
Created transfig tracking bugs for this issue: Affects: fedora-all [bug 2006517]
patch: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/