Vulnerability Details : CVE-2005-2966
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
Products affected by CVE-2005-2966
- cpe:2.3:a:dia:dia:*:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.92.2:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.93:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2966
2.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2966
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2005-2966
-
https://usn.ubuntu.com/193-1/
404: Page not found | Ubuntu
-
http://www.securityfocus.com/bid/15000
Exploit
-
http://www.gentoo.org/security/en/glsa/glsa-200510-06.xml
Dia: Arbitrary code execution through SVG import (GLSA 200510-06) — Gentoo security
-
http://www.debian.org/security/2006/dsa-1025
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution
-
http://www.vupen.com/english/advisories/2005/1950
Site en constructionVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:187
Mandriva
-
http://www.debian.org/security/2005/dsa-847
[SECURITY] [DSA 847-1] New dia packages fix arbitrary code execution
-
http://www.novell.com/linux/security/advisories/2005_22_sr.html
404 Page Not Found | SUSE
Jump to