CVE-2005-2966
dia - missing input sanitising
EPSS 2.5%
Description
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
How to fix CVE-2005-2966
To remediate CVE-2005-2966, upgrade the affected package to a fixed version below.
- Debian/dia—upgrade to 0.94.0-15 or later
- Debian/dia—upgrade to 0.94.0-7sarge1 or later
Is CVE-2005-2966 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.94.0-15
- from 0, < 0.94.0-7sarge1