Dia CVE - OpenCVE

Filtered by vendor Dia Subscribe

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-5984	1 Dia	1 Dia	2024-02-28	6.9 MEDIUM	N/A
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2007-3408	1 Dia	1 Dia	2024-02-28	7.5 HIGH	N/A
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
CVE-2006-2453	1 Dia	1 Dia	2024-02-28	7.5 HIGH	N/A
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
CVE-2006-1550	1 Dia	1 Dia	2024-02-28	7.6 HIGH	N/A
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
CVE-2006-2480	1 Dia	1 Dia	2024-02-28	5.1 MEDIUM	N/A
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.
CVE-2005-2966	1 Dia	1 Dia	2024-02-28	5.1 MEDIUM	N/A
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.

Vulnerabilities (CVE)