CVE-2005-2966 — DIA vulnerability

6 documents6 sources

Severity

5.1MEDIUMNVD

EPSS

2.5%

top 14.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

DIA Debian DIA

Timeline

PublishedOct 5

Latest updateMay 1

Description

The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dia< dia 0.94.0-15 (bookworm)

▶Debiandia/dia< 0.94.0-15+3

▶NVDdia/dia0.94+3

🔴Vulnerability Details

GHSA

GHSA-2w7x-w5p4-w2mw: The Python SVG import plugin (diasvg_import↗2022-05-01

▶

OSV

CVE-2005-2966: The Python SVG import plugin (diasvg_import↗2005-10-05

▶

📋Vendor Advisories

Ubuntu

dia vulnerability↗2005-10-04

▶

Debian

CVE-2005-2966: dia - The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows ...↗2005

▶

💬Community

Bugzilla

CVE-2006-2453 Additional dia format string flaws↗2006-05-23

▶