C-Note-06-015: SecurityTracker Alert ID: 1015853 (4/3/2006)
A vulnerability was reported in Dia. A remote user can cause arbitrary code to be executed on the target user's system.
The XFig import plug-in contains several buffer overflows. A remote user can create a specially crafted XFig file that, when loaded by the target user, can cause arbitrary code to be executed on the target user's system.
GNOME has issued a fixed version (0.95-pre6); alternatively, a patch is available for version 0.94.
CVE-2006-1550
CIAC would like to thank SecurityTracker for this information. Please visit
their web site to read the article:
http://securitytracker.com/alerts/2006/Mar/1015853.html