CVE-2006-1550 — Improper Restriction of Operations within the Bounds of a Memory Buffer in DIA

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources

Severity

7.6HIGHNVD

EPSS

4.0%

top 11.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

DIA Debian DIA

Timeline

PublishedMar 30

Latest updateMay 1

Description

Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/dia< dia 0.94.0-18 (bookworm)

▶Debiandia/dia< 0.94.0-18+3

▶NVDdia/dia6 versions+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qq7h-p864-fw93: Multiple buffer overflows in the xfig import code (xfig-import↗2022-05-01

▶

OSV

CVE-2006-1550: Multiple buffer overflows in the xfig import code (xfig-import↗2006-03-30

▶

📋Vendor Advisories

Ubuntu

dia vulnerabilities↗2006-04-03

▶

Red Hat

Dia multiple buffer overflows↗2006-03-29

▶

Debian

CVE-2006-1550: dia - Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 an...↗2006

▶

💬Community

Bugzilla

CVE-2006-1550 Dia multiple buffer overflows↗2006-04-06

▶

Bugzilla

CVE-2006-1550 Dia multiple buffer overflows↗2006-03-31

▶

Bugzilla

CVE-2006-1550 Dia multiple buffer overflows↗2006-03-30

▶

Bugzilla

CVE-2006-1550 Dia multiple buffer overflows↗2006-03-30

▶