Red Hat Bugzilla – Bug 192535
CVE-2006-2480: dia format string vulnerability
Last modified: 2007-11-30 17:11:33 EST
Reproducer in GNOME Bugzilla, appears to affect 0.95 too:
The CVE notes that this may not be a vulnerability, but it is a reproducible
crash in any case.
Fixed using the patch attached to upstream's BZ (after checking / verifying it).
The fix has been imported into CVS, built and pushed for FC-5 and devel.
I assume the Security Response Team will take care of the security announcement?
And yes, this most definitely is a vulnerability. The current example of the
string format vulnerability is rather harmless, but I _think_ it will be
possible to exploit this by getting people to open malformed files with dia.
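The bug class discussed in this report, shown as an added example that is not dia's code and not the upstream patch: a printf-style reporting helper (the hypothetical `message()` below stands in for a GUI error-reporting function) is handed text lifted from an attacker-supplied file as its format string. The vulnerable call is placed beside the classic fix (the untrusted text becomes a `%s` argument), plus two checks a reviewer or fuzzer harness can run over strings pulled from a file: a count of the conversion directives an attacker would control, and a test for `%n`, the directive that turns a read primitive into a write. The hostile sample token is constructed for this example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a printf-style reporting helper such as a GUI
 * "message_error(fmt, ...)" (hypothetical name, not dia's API). */
static void message(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: text parsed out of the file IS the format string,
 * so the file's author chooses the conversion directives. */
static void report_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    message(out, outsz, untrusted);
}

/* Fixed pattern: untrusted text only ever travels as a %s argument. */
static void report_fixed(char *out, size_t outsz, const char *untrusted)
{
    message(out, outsz, "%s", untrusted);
}

/* Number of conversion directives an attacker would get to run if this
 * string reached a printf-family function as the format ("%%" is literal). */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* True if any directive converts with 'n': "%n", "%hn", "%5$n" all write
 * an integer through a pointer taken from the argument list. */
static bool has_write_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;
        if (*s == '%') continue;
        /* skip flags, width/precision, positional '$' and length modifiers */
        while (*s && strchr("0123456789.-+ #$*hlLqjzt", *s)) s++;
        if (*s == 'n') return true;
        if (!*s) break;
    }
    return false;
}

/* For text that must pass through a format parameter anyway: "%" -> "%%".
 * Returns false if out cannot hold the result and its terminator. */
static bool escape_percents(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz) return false;
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return true;
}

int main(void)
{
    /* Constructed sample: a token a parser might lift from a malformed file. */
    static const char hostile[] = "layer %s %n %x";
    char buf[128], esc[128];

    printf("directives=%d write_directive=%d\n",
           count_format_directives(hostile), (int)has_write_directive(hostile));

    report_fixed(buf, sizeof buf, hostile);
    printf("fixed: %s\n", buf);

    escape_percents(hostile, esc, sizeof esc);
    message(buf, sizeof buf, esc);   /* escaped text is now safe as a format */
    printf("escaped then formatted: %s\n", buf);

    /* report_vulnerable(buf, sizeof buf, hostile) is deliberately not run:
     * "%s"/"%x" would read stack garbage and "%n" would write through it. */
    report_vulnerable(buf, sizeof buf, "plain text");
    printf("vulnerable helper, benign input: %s\n", buf);
    return 0;
}
```

With the hostile token the checks report three attacker-controlled directives, one of them a write; the fixed path reproduces the token verbatim, which is exactly what a "harmless" reproducer looks like before someone swaps `%x` for `%n` and a chosen offset. Compiling with `-Wformat -Wformat-security` only catches the direct `printf(untrusted)` form; a wrapper like `message()` needs `__attribute__((format(printf, 3, 4)))` for the compiler to flag `report_vulnerable()`.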