Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-06] Dia: Arbitrary code execution through SVG import Vulnerability Scan
Vulnerability Scan Summary
Dia: Arbitrary code execution through SVG import
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-06
(Dia: Arbitrary code execution through SVG import)
Joxean Koret discovered that the SVG import test in Dia fails to
properly sanitise data read from an SVG file.
A possible hacker could create a specially crafted SVG file, which, when
imported into Dia, could lead to the execution of arbitrary code.
There is no known workaround at this time.
All Dia users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r3"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.