Red Hat Bugzilla – Bug 187401
CVE-2006-1550 Dia multiple buffer overflows
Last modified: 2007-11-30 17:07:24 EST
Dia multiple buffer overflows
infamous41md discovered three buffer overflows in Dia's xfig importer.
The issues are caused by unchecked input from the xfig file.
The patch can be found here:
This issue also affects RHEL2.1
Created attachment 127062 [details]
Demo Exploit #1
Created attachment 127063 [details]
Demo Exploit #2
Created attachment 127064 [details]
Demo Exploit #3
For bug 187559, RHEL-4 has been rebuilt and mkerrata re-ran#
dist-2.1AS-errata-candidate dia-0.88.1-3.2 has been respun and mkerrata run for
RHEL-2.1 to pick-up fixed buildroot.
RHEL-4 packages rebuilt to avoid huge mem alloc on invalid record size and
mkerrata has been rerun for RHEL-4
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.