CVE-2006-2480

Dia 0.94 - Format String Vulnerability via Crafted .bmp Filename

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2480. PoCs published by KaDaL-X.

AI-analyzed exploit summary The exploit describes a format-string vulnerability in Dia versions 0.95 and earlier, triggered by a crafted filename containing format specifiers. The provided example filename '%p%p%p%p.bmp' demonstrates the issue, which may lead to crashes or arbitrary code execution.

Description

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by KaDaL-X · textdoslinux
https://www.exploit-db.com/exploits/27903

The exploit describes a format-string vulnerability in Dia versions 0.95 and earlier, triggered by a crafted filename containing format specifiers. The provided example filename '%p%p%p%p.bmp' demonstrates the issue, which may lead to crashes or arbitrary code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Dia 0.95 and earlier
No auth needed
Prerequisites: User interaction to open a malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18078
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0541.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20513
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20422
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20199
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11224
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006-06-02.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016203
Exploit x_refsource_misc
http://kandangjamur.net/tutorial/dia.txt
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20254
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25699
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:093
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1908
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20339
Exploit mailing-list x_refsource_vuln-dev
http://www.securityfocus.com/archive/82/433313/30/0/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/286-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20457

Scores

EPSS 0.0763
EPSS Percentile 93.8%

Details

CWE
CWE-134
Status published
Products (1)
dia/dia 0.94
Published May 19, 2006
Tracked Since Feb 18, 2026