CVE-2006-2480

Publication date 19 May 2006

Last updated 24 July 2024

Ubuntu priority

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dia	7.04 feisty	Fixed 0.94.0-17.1ubuntu3
	6.10 edgy	Fixed 0.94.0-17.1ubuntu3
	6.06 LTS dapper	Fixed 0.94.0-17.1ubuntu3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-286-1
Dia vulnerabilities
24 May 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2480