
CVE-2008-5984
https://notcve.org/view.php?id=CVE-2008-5984
28 Jan 2009 — Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251 •

CVE-2007-3408
https://notcve.org/view.php?id=CVE-2007-3408
26 Jun 2007 — Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. • http://secunia.com/advisories/25810 •

CVE-2006-2453
https://notcve.org/view.php?id=CVE-2006-2453
28 May 2006 — Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. • http://secunia.com/advisories/20254 • CWE-134: Use of Externally-Controlled Format String •

CVE-2006-2480 – Dia 0.8x/0.9x - Filename Remote Format String
https://notcve.org/view.php?id=CVE-2006-2480
19 May 2006 — Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file. • https://www.exploit-db.com/exploits/27903 • CWE-134: Use of Externally-Controlled Format String •

CVE-2006-1550 – Dia multiple buffer overflows
https://notcve.org/view.php?id=CVE-2006-1550
30 Mar 2006 — Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth. • http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2005-2966
https://notcve.org/view.php?id=CVE-2005-2966
05 Oct 2005 — The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. • http://secunia.com/advisories/17047 •