FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dia -- XFig Import Plugin Buffer Overflow

Affected packages
0.86_1 < dia < 0.94_6,1
0.86_1 < dia-gnome < 0.94_6,1

Details

VuXML ID b5fc63ad-c4c3-11da-9699-00123ffe8333
Discovery 2006-03-31
Entry 2006-04-05

Secunia reports:

Some vulnerabilities have been reported in Dia, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors within the XFig import plugin. This can be exploited to cause buffer overflows and may allow arbitrary code execution when a specially-crafted FIG file is imported.

References

CVE Name CVE-2006-1550
Message 1143662924.6460.60.camel@linux.site
URL http://secunia.com/advisories/19469/