Dia: Arbitrary code execution through XFig import

Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...

gtk+ security hole.

while going through a quick audit of gtk i found: gtk+ can be tricked into running arbitrary code via a bogus module. this means any program using gtk that is setid can be exploited via this method. here is an exploit i wrote for this security hole: original xgtk.cworking/un-wrapped:...