Bug#368202: [Pkg-dia-team] Bug#368202: dia: CVE-2006-2480: format string vulnerability

Alec Berryman alec at thened.net
Sun May 21 09:35:34 UTC 2006

Roland Stigge on 2006-05-20 23:26:28 -0500:

> Unfortunately, I can't reproduce this in full length. I can see the
> error message popup (which I consider natural), but neither dia
> crashing nor executing the "malicious code" (printing "DIA").

I see the following behavior with dia 0.95.0-3:

$ touch %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.bmp
$ dia %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.bmp
Segmentation fault

There is no error message popup; dia shows the splash screen, briefly
draws the main window, and then segfaults without an error message.  I
see the same behavior I run dia and attempt to load the file via

I see a change in the behavior when I apply the patch; an error pops up
stating that it can't open the file and dia does not segfault.  This
seems to be the behavior you are describing.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-dia-team/attachments/20060521/d89bd28e/attachment.pgp

More information about the Pkg-dia-team mailing list