CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19451
https://notcve.org/view.php?id=CVE-2019-19451
29 Nov 2019 — When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream r... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5984
https://notcve.org/view.php?id=CVE-2008-5984
28 Jan 2009 — Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Vulnerabilidad de búsqueda de ruta no confiable en la extensión Python en Dia v0.96.1 y posiblemente otras versiones, permite a usuarios locales la ejecución de código de su elección a través de un archivo Python con un caballo... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3408
https://notcve.org/view.php?id=CVE-2007-3408
26 Jun 2007 — Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. Múltiples vulnerabilidades no especificadas en Dia anterior a 0.96.1-6 tienen impacto y vectores de ataque no especificados, probablemente implicando el uso de librerías FreeType vulnerables que contienen CVE-2007-2754 y/o CVE-2007-1351. • http://secunia.com/advisories/25810 •
CVSS: 7.8EPSS: 25%CPEs: 1EXPL: 4CVE-2006-2480 – Dia 0.8x/0.9x - Filename Remote Format String
https://notcve.org/view.php?id=CVE-2006-2480
19 May 2006 — Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file. • https://www.exploit-db.com/exploits/27903 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0CVE-2006-1550 – Dia multiple buffer overflows
https://notcve.org/view.php?id=CVE-2006-1550
30 Mar 2006 — Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth. • http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 1CVE-2005-2966
https://notcve.org/view.php?id=CVE-2005-2966
05 Oct 2005 — The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. • http://secunia.com/advisories/17047 •