
Microsoft.Diagnostics.Tracing.TraceEvent.SupportFiles vulnerability in bundled dia2lib.dll

Open ricohomewood opened this issue 4 years ago • 0 comments

An OWASP dependency scan has detected that the bundled dia2lib.dll 2.0.0.0 in the support files that come with this NuGet package has the CVE-2006-2453 vulnerability and should be patched.

The description being: Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.

Details here on the CVE: https://www.cvedetails.com/cve/CVE-2006-2453/

This is still present in the latest NuGet package Microsoft.ApplicationInsights.Profiler.AspNetCore Version 2.3.0 that uses this library.

ricohomewood, Aug 25 '21 10:08