Summary
Detail | |||
---|---|---|---|
Vendor | Graphviz | First view | 2005-12-31 |
Product | Graphviz | Last view | 2024-02-02 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2024-02-02 | CVE-2023-46045 | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. |
7.8 | 2021-04-29 | CVE-2020-18032 | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. |
8.8 | 2019-04-08 | CVE-2019-11023 | The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. |
6.5 | 2019-03-21 | CVE-2019-9904 | An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. |
5.5 | 2018-05-30 | CVE-2018-10196 | NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. |
7.8 | 2017-08-07 | CVE-2014-1235 | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. |
7.5 | 2014-12-03 | CVE-2014-9157 | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. |
10 | 2014-01-10 | CVE-2014-1236 | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." |
9.3 | 2014-01-10 | CVE-2014-0978 | Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. |
8.5 | 2008-10-14 | CVE-2008-4555 | Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. |
3.6 | 2005-12-31 | CVE-2005-4803 | graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20% (2) | CWE-476 | NULL Pointer Dereference |
10% (1) | CWE-674 | Uncontrolled Recursion |
10% (1) | CWE-134 | Uncontrolled Format String |
10% (1) | CWE-125 | Out-of-bounds Read |
10% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:22492 | DSA-2843-1 graphviz - buffer overflow |
oval:org.mitre.oval:def:21511 | USN-2083-1 -- graphviz vulnerabilities |
oval:org.mitre.oval:def:28669 | USN-2435-1 -- Graphviz vulnerability |
oval:org.mitre.oval:def:28490 | DSA-3098-1 -- graphviz security update |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
48939 | Graphviz lib/graph/parser.c push_subg Function Crafted DOT File Overflow |
19891 | Graphviz dotty.lefty Symlink Arbitrary File Overwrite |
OpenVAS Exploits
id | Description |
---|---|
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:254-1 (graphviz) File : nvt/mdksa_2009_254_1.nasl |
2009-10-06 | Name : Mandrake Security Advisory MDVSA-2009:254 (graphviz) File : nvt/mdksa_2009_254.nasl |
2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-04 (graphviz) File : nvt/glsa_200811_04.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-25674bb48e.nasl - Type: ACT_GATHER_INFO |
2018-05-30 | Name: The remote Fedora host is missing a security update. File: fedora_2018-fd850e033d.nasl - Type: ACT_GATHER_INFO |
2017-12-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1341.nasl - Type: ACT_GATHER_INFO |
2017-02-13 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201702-06.nasl - Type: ACT_GATHER_INFO |
2015-04-03 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-187.nasl - Type: ACT_GATHER_INFO |
2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-105.nasl - Type: ACT_GATHER_INFO |
2015-03-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-488.nasl - Type: ACT_GATHER_INFO |
2015-03-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-487.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2014-248.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3098.nasl - Type: ACT_GATHER_INFO |
2014-12-09 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2435-1.nasl - Type: ACT_GATHER_INFO |
2014-12-07 | Name: The remote Fedora host is missing a security update. File: fedora_2014-15811.nasl - Type: ACT_GATHER_INFO |
2014-12-07 | Name: The remote Fedora host is missing a security update. File: fedora_2014-15760.nasl - Type: ACT_GATHER_INFO |
2014-12-06 | Name: The remote Fedora host is missing a security update. File: fedora_2014-15812.nasl - Type: ACT_GATHER_INFO |
2014-03-12 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-296.nasl - Type: ACT_GATHER_INFO |
2014-03-12 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-297.nasl - Type: ACT_GATHER_INFO |
2014-02-12 | Name: The remote Fedora host is missing a security update. File: fedora_2014-0621.nasl - Type: ACT_GATHER_INFO |
2014-02-12 | Name: The remote Fedora host is missing a security update. File: fedora_2014-0602.nasl - Type: ACT_GATHER_INFO |
2014-02-05 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-284.nasl - Type: ACT_GATHER_INFO |
2014-02-05 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-285.nasl - Type: ACT_GATHER_INFO |
2014-01-27 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2014-024.nasl - Type: ACT_GATHER_INFO |
2014-01-17 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2083-1.nasl - Type: ACT_GATHER_INFO |
2014-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2843.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20091111_graphviz_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2009-10-02 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2009-254.nasl - Type: ACT_GATHER_INFO |