Bug#368202: [Pkg-dia-team] Bug#368202: dia: CVE-2006-2480: format
string vulnerability
Alec Berryman
alec at thened.net
Sun May 21 09:35:34 UTC 2006
Roland Stigge on 2006-05-20 23:26:28 -0500:
> Unfortunately, I can't reproduce this in full length. I can see the
> error message popup (which I consider natural), but neither dia
> crashing nor executing the "malicious code" (printing "DIA").
I see the following behavior with dia 0.95.0-3:
$ touch %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.bmp
$ dia %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.bmp
Segmentation fault
There is no error message popup; dia shows the splash screen, briefly
draws the main window, and then segfaults without an error message. I
see the same behavior when I run dia and attempt to load the file via
File->Open.
I see a change in the behavior when I apply the patch; an error pops up
stating that it can't open the file and dia does not segfault. This
seems to be the behavior you are describing.
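The behavior reported above (a segfault before the patch, a plain "can't open" error after it) is what separates using a file name as a printf-style format from passing it as data to a constant format. The following is an added example, not part of the original message and not dia's code; `report_error`, `open_failed`, `count_conversions` and the message text are hypothetical names chosen for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error reporter (not dia's code). The format
 * attribute lets gcc/clang warn under -Wformat-security when a caller
 * passes a non-literal format string. */
__attribute__((format(printf, 3, 4)))
static int report_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable shape, kept as a comment because running it is undefined
 * behaviour: the file name becomes the format, so each "%s" in it makes
 * vsnprintf dereference an argument that was never passed.
 *     report_error(out, n, filename); */

/* Hardened shape: constant format, untrusted name passed as data. */
static int open_failed(char *out, size_t n, const char *filename)
{
    return report_error(out, n, "Could not open `%s'", filename);
}

/* Counts conversion specifications in an untrusted string ("%%" is a
 * literal percent); non-zero means it is unsafe to use as a format. */
static size_t count_conversions(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    char msg[128];
    const char *name = "%s%s%s%s.bmp";   /* constructed sample name */
    open_failed(msg, sizeof msg, name);
    printf("%s (conversions in name: %zu)\n", msg, count_conversions(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler flag any call that passes a non-literal string as `fmt` with no further arguments.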