|
|
CVE Reference: CVE-2006-2480 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2480 |
|
|
Description: Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file. |
|
|
CVE Status: Candidate |
|
|
References: VULN-DEV http://www.securityfocus.com/archive/82/433313/30/0/threaded UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-286-1 SUSE http://www.novell.com/linux/security/advisories/2006-06-02.html ST 1016203 SAID Secunia Advisory: SA20199 Secunia Advisory: SA20254 Secunia Advisory: SA20339 Secunia Advisory: SA20422 Secunia Advisory: SA20457 Secunia Advisory: SA20513 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0541.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11224 OSVDB 25699 MISC http://kandangjamur.net/tutorial/dia.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:093 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml CONFIRM http://bugzilla.gnome.org/show_bug.cgi?id=342111 BID 18078 |
|
| Return to the previous page. |
