CVE-2005-2966
EPSS 2.5%dia - missing input sanitising
Published: 10/5/2005Modified: 4/28/2026
Description
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
Affected packages (2)
- Debian/diafrom 0, < 0.94.0-15
- Debian/diafrom 0, < 0.94.0-7sarge1