Bug 187556 (CVE-2006-1550) - CVE-2006-1550 Dia multiple buffer overflows
Summary: CVE-2006-1550 Dia multiple buffer overflows
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2006-1550
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Hans de Goede
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-03-31 21:24 UTC by Josh Bressers
Modified: 2019-09-29 12:19 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-03-31 21:47:12 UTC
Embargoed:



Description Josh Bressers 2006-03-31 21:24:37 UTC
+++ This bug was initially created as a clone of Bug #187401 +++

Dia multiple buffer overflows

infamous41md discovered three buffer overflows in Dia's xfig importer.
The issues are caused by unchecked input from the xfig file.

The patch can be found here:
http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html


This issue also affects RHEL2.1

-- Additional comment from bressers on 2006-03-30 13:44 EST --
Created an attachment (id=127062)
Demo Exploit #1


-- Additional comment from bressers on 2006-03-30 13:44 EST --
Created an attachment (id=127063)
Demo Exploit #2


-- Additional comment from bressers on 2006-03-30 13:45 EST --
Created an attachment (id=127064)
Demo Exploit #3

Comment 1 Hans de Goede 2006-03-31 21:47:12 UTC
Many thanks for reporting this! Keep up the good work!
A build (0.94-21) fixing this using the patch you linked to has been queued to
the buildsys (it should build fine, I tested locally first).


