Dia multiple buffer overflows
infamous41md discovered three buffer overflows in Dia's xfig importer.
The issues are caused by unchecked input from the xfig file.
The patch can be found here:
This issue also affects RHEL2.1
Created attachment 127062
Demo Exploit #1
Created attachment 127063
Demo Exploit #2
Created attachment 127064
Demo Exploit #3
For bug 187559, RHEL-4 has been rebuilt and mkerrata re-run.
dist-2.1AS-errata-candidate dia-0.88.1-3.2 has been respun and mkerrata run for
RHEL-2.1 to pick up fixed buildroot.
RHEL-4 packages rebuilt to avoid huge mem alloc on invalid record size and
mkerrata has been rerun for RHEL-4
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.