Dia: Format string vulnerabilities
1. Gentoo Linux Security Advisory
Version Information
Advisory Reference |
GLSA 200606-03 / dia |
Release Date |
June 07, 2006 |
Latest Revision |
June 07, 2006: 01 |
Impact |
normal |
Exploitable |
remote |
Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
app-office/dia |
<
0.95.1 |
>=
0.95.1 |
All supported architectures
|
Related bugreports:
#133699
Synopsis
Format string vulnerabilities in Dia may lead to the execution of arbitrary
code.
2. Impact Information
Background
Dia is a GTK+ based diagram creation program.
Description
KaDaL-X discovered a format string error within the handling of
filenames. Hans de Goede also discovered several other format
string errors in the processing of dia files.
Impact
By enticing a user to open a specially crafted file, a remote
attacker could exploit these vulnerabilities to execute arbitrary code
with the rights of the user running the application.
3. Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All Dia users should upgrade to the latest available version:
Code Listing 3.1 |
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1" |
4. References
|