- Description
- Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dia:dia:0.87:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA1BE015-DB85-40B7-8E46-EF1F3AC325B6"
},
{
"criteria": "cpe:2.3:a:dia:dia:0.88.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9D772EF-ACB9-4299-9BE3-3F0579145BBB"
},
{
"criteria": "cpe:2.3:a:dia:dia:0.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF88FD4E-7248-499A-A0E3-A944D403D424"
},
{
"criteria": "cpe:2.3:a:dia:dia:0.92.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0814A4A-83A2-495F-88C4-7066341514AB"
},
{
"criteria": "cpe:2.3:a:dia:dia:0.93:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D4B312B-5056-4941-8B71-71D602CD9597"
},
{
"criteria": "cpe:2.3:a:dia:dia:0.94:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C64C2501-F15B-4292-9C0C-A1205304A9A5"
}
],
"operator": "OR"
}
]
}
]