Lucene search
UbuntuUSN-266-1HistoryApr 03, 2006 - 12:00 a.m.
dia vulnerabilities
2006-04-0300:00:00
ubuntu.com
35
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.8%
Releases
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
Three buffer overflows were discovered in the Xfig file format
importer. By tricking a user into opening a specially crafted .fig
file with dia, an attacker could exploit this to execute arbitrary
code with the user’s privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 5.10 | noarch | dia-gnome | < * | UNKNOWN |
| Ubuntu | 5.10 | noarch | dia | < * | UNKNOWN |
| Ubuntu | 5.10 | noarch | dia-libs | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | dia-gnome | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | dia | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | dia-libs | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | dia-gnome | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | dia | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | dia-libs | < * | UNKNOWN |
References
Related
nessus
nessus
Mandrake Linux Security Advisory : dia (MDKSA-2006:062)
2006-04-04 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : dia vulnerabilities (USN-266-1)
2006-04-04 00:00:00
centos
centos
dia security update
2006-05-04 01:13:24
dia security update
2006-05-03 17:52:34
openvas
openvas
Gentoo Security Advisory GLSA 200604-14 (dia)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1025-1)
2008-01-17 00:00:00
FreeBSD Ports: dia, dia-gnome
2008-09-04 00:00:00
redhat
redhat
(RHSA-2006:0280) dia security update
2006-05-03 00:00:00
cve
cve
CVE-2006-1550
2006-03-30 23:02:00
cvelist
cvelist
CVE-2006-1550
2006-03-30 23:00:00
prion
prion
Buffer overflow
2006-03-30 23:02:00
ubuntucve
ubuntucve
CVE-2006-1550
2006-03-30 00:00:00
debiancve
debiancve
CVE-2006-1550
2006-03-30 23:02:00
freebsd
freebsd
dia -- XFig Import Plugin Buffer Overflow
2006-03-31 00:00:00
nvd
nvd
CVE-2006-1550
2006-03-30 23:02:00
gentoo
gentoo
Dia: Arbitrary code execution through XFig import
2006-04-23 00:00:00
osv
osv
dia - programming error
2006-04-06 00:00:00
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.8%
Related for USN-266-1