PT-2006-1040 · Dia+1
Infamous41Md · Published 2006-03-30 · Updated 2018-10-18 · CVE-2006-1550
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Dia versions 0.87 through 0.95-pre5
Description:
Multiple buffer overflows in the xfig import code allow attackers to cause an unknown impact via a crafted xfig file, possibly involving an invalid color index, number of points, or depth. The vulnerability may compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely.
Recommendations:
For Dia versions 0.87 through 0.95-pre5, update to version 0.95-pre6 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the xfig import feature until a patch is available.
Avoid using crafted xfig files that may exploit the buffer overflows in the xfig import code.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Dia
Red Hat