Debian Dia vulnerabilities

7 known vulnerabilities affecting debian/dia.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 4

Vulnerabilities

CVE-2019-19451 | LOW | CVSS 5.5 | fixed in dia 0.97.3+git20220525-1 (bookworm) | 2019
[MEDIUM] CVE-2019-19451: dia - When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up

CVE-2008-5984 | LOW | CVSS 6.9 | fixed in dia 0.96.1-7.1 (bookworm) | 2008
[MEDIUM] CVE-2008-5984: dia - Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Scope: local
bookworm: resolved (fixed in 0.96.1-7.1); bullseye: resolved (fixed in 0.96

CVE-2007-3408 | LOW | CVSS 8.5 | 2007
[HIGH] CVE-2007-3408: dia - Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved

CVE-2006-1550 | HIGH | CVSS 7.6 | fixed in dia 0.94.0-18 (bookworm) | 2006
[HIGH] CVE-2006-1550: dia - Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
Scope: local
bookworm: resolved (fixed in 0.94.0-18); bullseye: resolved (fixed in 0.94.0-18); forky: resol

CVE-2006-2453 | MEDIUM | CVSS 7.5 | fixed in dia 0.95.0-4 (bookworm) | 2006
[HIGH] CVE-2006-2453: dia - Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
Scope: local
bookworm: resolved (fixed in 0.95.0-4); bullseye: resolved (fixed in 0.95.0-4); forky: resolved (fixed in 0.95.0-4); sid: resolved (fixed in 0.95.0-4); trixie: resolved (fixed in 0.95.0-4)

CVE-2006-2480 | LOW | CVSS 5.1 | PoC | fixed in dia 0.95.0-4 (bookworm) | 2006
[MEDIUM] CVE-2006-2480: dia - Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are au

CVE-2005-2966 | MEDIUM | CVSS 5.1 | fixed in dia 0.94.0-15 (bookworm) | 2005
[MEDIUM] CVE-2005-2966: dia - The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
Scope: local
bookworm: resolved (fixed in 0.94.0-15); bullseye: resolved (fixed in 0.94.0-15); forky: resolved (fixed in 0.94.0-15); sid: resolved (fixed in 0.94.0-15); trixie: resolved (fixed in 0.94.0-15)