Dia format string vulnerabilities (new)
Hans de Goede
j.w.r.degoede at hhs.nl
Tue May 23 07:51:12 UTC 2006
Hi all,
A format string vulnerability in dia was reported in CVE-2006-2480; this
has led me to take a closer look at the use of format strings in dia.
Yesterday I checked all the uses of:
dia's message* funcs
g_print
g_message
g_warning
dia_assert_true
And reported my findings to John Bressers (from Red Hat) and Stanislav
Brabec <sbrabec at suse.cz>. John has assigned CVE-2006-2453 for the
additional problems I found.
This morning I also checked (and found and fixed issues in) all the uses of:
gtk_message_dialog_new
gtk_message_dialog_format_secondary_text
g_error
I've attached a patch fixing all issues I found. New as of this morning
are the changes / fixes to:
app/display.c
app/filedlg.c
Regards,
Hans
p.s.
There could still be other vararg printf-like functions in dia which I
didn't check. I'm in no way claiming this work is complete. With that
said, I'm not planning on doing any more auditing for printf-like
functions in dia in the near future.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dia-formatstring.patch
Type: text/x-patch
Size: 9181 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-security-list/attachments/20060523/738c669f/attachment.bin>
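The bug class the post is auditing for, as an added example that is not code from the post, from dia, or from the attached patch: a vararg printf-like message helper (message_warning() below is a stand-in for dia's message_* functions, g_warning(), g_message() and the like, not dia's real API), the vulnerable call shape that passes untrusted text as the format, the fixed call shape with a literal format and "%s", plus two small helpers: one that counts the conversion directives an untrusted string would trigger, and a heuristic that flags source lines where the first argument of such a call is not a string literal, approximating the manual check described in the post. The filename and the source lines are constructed inputs. The demonstration uses only "%%" so it stays defined behaviour; the same position with "%s" or "%n" reads or writes memory.

```c
/* Added example, not from the mailing-list post or the dia patch.
 * message_warning() is a hypothetical stand-in for dia's printf-like
 * message helpers and for g_warning()/g_message(). */
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* A vararg message function with the shape the post audited for. */
static int message_warning(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable shape: untrusted text (a filename, a string read from a file)
 * is the format argument, so every '%' in it is interpreted. Only "%%" is
 * used in the demo to keep behaviour defined; "%n" or "%s" here would write
 * or read memory. */
void report_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    message_warning(out, outsz, untrusted);        /* BUG: untrusted as format */
}

/* Fixed shape: literal format, untrusted text passed as data. */
void report_fixed(char *out, size_t outsz, const char *untrusted)
{
    message_warning(out, outsz, "%s", untrusted);
}

/* Number of conversion directives an attacker string would trigger if it
 * were misused as a format. "%%" is an escaped percent and is not counted. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {             /* "%%": skip the pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

/* Audit heuristic: does a call to `func` on this source line pass something
 * other than a string literal as its first argument? Returns 1 if so. */
int call_has_nonliteral_format(const char *line, const char *func)
{
    const char *p = strstr(line, func);
    if (!p)
        return 0;
    p += strlen(func);
    while (isspace((unsigned char)*p))
        p++;
    if (*p != '(')
        return 0;
    p++;
    while (isspace((unsigned char)*p))
        p++;
    return *p != '"';
}

int main(void)
{
    char buf[128];
    const char *filename = "100%%-owned.dia";      /* constructed untrusted input */

    report_vulnerable(buf, sizeof buf, filename);
    printf("vulnerable: %s\n", buf);               /* 100%-owned.dia: interpreted */
    report_fixed(buf, sizeof buf, filename);
    printf("fixed:      %s\n", buf);               /* 100%%-owned.dia: untouched */

    printf("directives in \"%%s%%n\": %d\n", count_directives("%s%n"));
    printf("g_warning(msg) suspicious: %d\n",
           call_has_nonliteral_format("  g_warning(msg);", "g_warning"));
    printf("g_warning(\"%%s\", msg) suspicious: %d\n",
           call_has_nonliteral_format("  g_warning(\"%s\", msg);", "g_warning"));
    return 0;
}
```

The visible difference between the two outputs is the whole point: when the untrusted string comes back altered, it was parsed as a format, and any directive the attacker chose would have been honoured. The line heuristic is deliberately crude (it misses macros, multi-line calls and literals built by concatenation) and is only a starting point for the kind of review the post describes; each flagged call still has to be read by hand.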
More information about the Fedora-security-list mailing list