CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19451
https://notcve.org/view.php?id=CVE-2019-19451
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. Cuando GNOME Dia antes del 27-11-2019 es iniciado con un argumento de nombre de archivo que no es una posición de código válida en la codificación actual, ingresa en un bucle sin fin, por lo que escribe texto de forma indefinida en stdout. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html https://gitlab.gnome.org/GNOME/dia/issues/428 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5984
https://notcve.org/view.php?id=CVE-2008-5984
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Vulnerabilidad de búsqueda de ruta no confiable en la extensión Python en Dia v0.96.1 y posiblemente otras versiones, permite a usuarios locales la ejecución de código de su elección a través de un archivo Python con un caballo de Troya en el directorio actual de trabajo, relacionado con la vulnerabilidad en la función PySys_SetArgv (CVE-2008-5983). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251 http://secunia.com/advisories/33672 http://secunia.com/advisories/33703 http://www.mandriva.com/security/advisories?name=MDVSA-2009:040 http://www.mandriva.com/security/advisories?name=MDVSA-2009:046 http://www.openwall.com/lists/oss-security/2009/01/26/2 http://www.securityfocus.com/bid/33448 https://bugzilla.redhat.com/show_bug.cgi?id=481551 https://exchange.xforce.ibmcloud.com/vulnerabilities/48262 https://www.redhat •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3408
https://notcve.org/view.php?id=CVE-2007-3408
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. Múltiples vulnerabilidades no especificadas en Dia anterior a 0.96.1-6 tienen impacto y vectores de ataque no especificados, probablemente implicando el uso de librerías FreeType vulnerables que contienen CVE-2007-2754 y/o CVE-2007-1351. • http://secunia.com/advisories/25810 http://sourceforge.net/forum/forum.php?forum_id=709959 http://www.vupen.com/english/advisories/2007/2328 •