Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-03] Dia: Format string vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Dia: Format string vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-03 (Dia: Format string vulnerabilities).

KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files.

By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.

There is no known workaround at this time.

All Dia users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1"

Threat Level: Medium