CVE-2006-2480

Name of the Vulnerable Software and Affected Versions Dia version 0.94

Description The issue allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code by triggering errors or warnings. This can be achieved through format string specifiers in a .bmp filename. Other mechanisms for input, such as a crafted .dia file, are also automatically processed by Dia.

Recommendations For Dia version 0.94, avoid using format string specifiers in filenames until a patch is available. As a temporary workaround, consider restricting the use of .bmp and .dia files to minimize the risk of exploitation.