Vulnerability Details : CVE-2006-1550
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
Vulnerability category: Overflow
Products affected by CVE-2006-1550
- cpe:2.3:a:dia:dia:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.92.2:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.88.1:*:*:*:*:*:*:*
- cpe:2.3:a:dia:dia:0.94:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1550
1.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1550
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2006-1550
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-1550
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10361
404 Not Found
-
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00021.html
[SECURITY] Fedora Core 4 Update: dia-0.94-13.fc4
-
http://www.novell.com/linux/security/advisories/2006_04_28.html
404 Page Not Found | SUSE
-
http://www.gentoo.org/security/en/glsa/glsa-200604-14.xml
Dia: Arbitrary code execution through XFig import (GLSA 200604-14) — Gentoo security
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:062
Mandriva
-
http://www.debian.org/security/2006/dsa-1025
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution
-
http://www.redhat.com/support/errata/RHSA-2006-0280.html
Support
-
https://usn.ubuntu.com/266-1/
404: Page not found | Ubuntu
-
http://www.securityfocus.com/archive/1/429357/100/0/threaded
-
http://www.securityfocus.com/bid/17310
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25566
Dia XFig XFig Import Plugin buffer overflow CVE-2006-1550 Vulnerability Report
-
http://securitytracker.com/id?1015853
GoDaddy Domain Name Search
-
http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html
Dia ChangeLog report for 2006-03-30 03:00:00 UTC (Thu 30 Mar)
Jump to