Dia multiple buffer overflows infamous41md discovered three buffer overflows in Dia's xfig importer. The issues are caused by unchecked input from the xfig file. The patch can be found here: http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html
Attachment 127062 [details] is Demo Exploit #1 Attachment 127063 [details] is Demo Exploit #2 Attachment 127064 [details] is Demo Exploit #3
Aan erratum was issued today for this issue by Caolan McNamara titled FEDORA-2006-261. <http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00021.html>. Closing this bug-ticket.