CVE-2006-1550
dia - programming error
EPSS 4.0%
Description
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
How to fix CVE-2006-1550
To remediate CVE-2006-1550, upgrade the affected package to a fixed version below.
- Debian/dia—upgrade to 0.94.0-18 or later
- Debian/dia—upgrade to 0.88.1-3woody1 or later
Is CVE-2006-1550 being exploited?
Low — EPSS is 4.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.94.0-18
- from 0, < 0.88.1-3woody1