Buffer overflows in Dia XFig import

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Buffer overflows in Dia XFig import
From: lars@xxxxxxxxx
Date: 29 Mar 2006 21:27:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A security review kindly performed by infamous41md has turned up three buffer 
overflow vulnerabilities in the XFig import plug-in in Dia, a diagramming tool 
for Gtk that runs on both Winddows and Unix.  While the XFig format is not the 
native format of Dia, a specially crafted XFig file could cause arbitrary code 
execution *if* loaded into Dia.

The vulnerabilities affect versions 0.87 through 0.94 as well as prereleases 
1-5 of 0.95, after which it is fixed in the source and later prereleases.  A 
patch against the 0.94 release has been attached to the announcement on the 
dia-list at http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html

-Lars Clausen
Head Dia maintainer

Prev by Date: X-Changer <=v0.2 Demo SQL injection
Next by Date: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
Previous by thread: X-Changer <=v0.2 Demo SQL injection
Next by thread: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
Index(es):
- Date
- Thread