Vulnerability Name: CVE-2006-1550 (CCN-25566)
Assigned: 2006-03-29
Published: 2006-03-29
Updated: 2018-10-18
Summary: Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: BugTraq Mailing List, Wed Mar 29 2006 - 15:27:42 CST Buffer overflows in Dia XFig import
Source: MITRE Type: CNA CVE-2006-1550
Source: CCN Type: dia-list Mailing List, Wed, 29 Mar 2006 22:08:43 +0200 Vulnerability in xfig import code
Source: MLIST Type: UNKNOWN [dia-list] 20060329 Vulnerability in xfig import code
Source: CCN Type: RHSA-2006-0280 dia security update
Source: CCN Type: SA19469 Dia XFig Import Plugin Buffer Overflow Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 19469
Source: SECUNIA Type: Vendor Advisory 19505
Source: SECUNIA Type: Vendor Advisory 19507
Source: SECUNIA Type: Vendor Advisory 19543
Source: SECUNIA Type: Vendor Advisory 19546
Source: SECUNIA Type: Vendor Advisory 19765
Source: SECUNIA Type: Vendor Advisory 19897
Source: SECUNIA Type: Vendor Advisory 19959
Source: CCN Type: SECTRACK ID: 1015853 Dia Buffer Overflows in XFig Import Plugin May Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015853
Source: CCN Type: ASA-2006-116 dia security update (RHSA-2006-0280)
Source: DEBIAN Type: UNKNOWN DSA-1025
Source: DEBIAN Type: DSA-1025 dia -- programming error
Source: CCN Type: GLSA-200604-14 Dia: Arbitrary code execution through XFig import
Source: GENTOO Type: UNKNOWN GLSA-200604-14
Source: CCN Type: Dia XFig Web site Dia is a drawing program
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:062
Source: SUSE Type: UNKNOWN SUSE-SR:2006:009
Source: FEDORA Type: UNKNOWN FEDORA-2006-261
Source: REDHAT Type: UNKNOWN RHSA-2006:0280
Source: BUGTRAQ Type: UNKNOWN 20060329 Buffer overflows in Dia XFig import
Source: BID Type: Patch 17310
Source: CCN Type: BID-17310 DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
Source: CCN Type: USN-266-1 dia vulnerabilities
Source: XF Type: UNKNOWN diaxfig-xfig-import-bo(25566)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10361
Source: UBUNTU Type: UNKNOWN USN-266-1
Source: SUSE Type: SUSE-SR:2006:009 SUSE Security Summary Report