A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.
Ubuntu Security Notice 3760-1 - It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code.