CVE-2005-2966

Name	CVE-2005-2966
Description	The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-847-1
Debian Bugs	330890

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
dia (PTS)	bullseye	0.97.3+git20160930-9	fixed
	bookworm	0.97.3+git20220525-5	fixed
	trixie	0.98+git20250126-2	fixed
	forky, sid	0.98+git20250827-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
dia	source	woody	(not affected)		DSA-847-1
dia	source	sarge	0.94.0-7sarge1	medium	DSA-847-1	330890
dia	source	(unstable)	0.94.0-15	medium		330890