Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.025 Low |
EPSS Percentile | 90.3% |
Dia is a GTK+ based diagram creation program.
KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files.
By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
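The bug class described above, shown as an added example that is not Dia's code: a file name handed to a printf-style helper as the format string, next to the corrected call. The helper `show_error`, the two `report_*` functions and the sample file name are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style message helper, standing in for any
 * application function that takes a format string plus arguments.
 * The formatted text is kept in a buffer so it can be inspected. */
static char last_msg[256];

static void show_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the file name itself is the format string, so any
 * '%' directive inside the name is interpreted by vsnprintf(). */
static const char *report_unsafe(const char *filename)
{
    show_error(filename);
    return last_msg;
}

/* Corrected pattern: a constant format string, with the file name
 * passed as data through "%s". */
static const char *report_safe(const char *filename)
{
    show_error("%s", filename);
    return last_msg;
}

int main(void)
{
    /* Constructed sample name. "%%" is the one directive that consumes
     * no argument, so the flawed call stays well defined here while
     * still showing that the name is being parsed as a format. */
    const char *name = "budget 100%%.dia";

    printf("unsafe: %s\n", report_unsafe(name)); /* name is altered */
    printf("safe:   %s\n", report_safe(name));   /* name is intact  */
    return 0;
}
```

Declaring such a helper with the GCC/Clang `format(printf, 1, 2)` function attribute lets `-Wformat-security` flag the flawed call at compile time.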
There is no known workaround at this time.
All Dia users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1"
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-office/dia | < 0.95.1 | UNKNOWN |