VYPR

Dia

by Dia

CVEs (8)

  • CVE-2025-15032 | High | Jan 16, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

  • CVE-2006-2480 | May 19, 2006
    risk 0.04 | cvss | epss 0.08

    Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was…

  • CVE-2019-19451 | Nov 29, 2019
    risk 0.00 | cvss | epss 0.00

    When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to…

  • CVE-2008-5984 | Jan 28, 2009
    risk 0.00 | cvss | epss 0.00

    Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function…

  • CVE-2007-3408 | Jun 26, 2007
    risk 0.00 | cvss | epss 0.01

    Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.

  • CVE-2006-2453 | May 28, 2006
    risk 0.00 | cvss | epss 0.02

    Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.

  • CVE-2006-1550 | Mar 30, 2006
    risk 0.00 | cvss | epss 0.02

    Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.

  • CVE-2005-2966 | Oct 5, 2005
    risk 0.00 | cvss | epss 0.03

    The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.