4 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. Un Desbordamiento de Búfer en Graphviz Graph Visualization Tools desde el ID del commit f8b9e035 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de la aplicación) al cargar un archivo diseñado en el componente "lib/common/shapes.c" A flaw was found in graphviz. A wrong assumption in record_init function leads to an off-by-one write in parse_reclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://gitlab.com/graphviz/graphviz/-/issues/1700 https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A https://security.gentoo.org/glsa/202107-04 https://www.debian.org/security/2021/dsa-4914 https://access.redhat.com/security/cve/CVE-2020-18032 ht • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 3

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Vulnerabilidad de formato de cadena en la función yyerror en ib/cgraph/scan.l en Graphviz permite a atacantes remotos tener un impacto no especificado a través de especificadores de formatos de cadena en vectores desconocidos, que no están manejados correctamente en una cadena error. • http://advisories.mageia.org/MGASA-2014-0520.html http://seclists.org/oss-sec/2014/q4/784 http://seclists.org/oss-sec/2014/q4/872 http://secunia.com/advisories/60166 http://www.debian.org/security/2014/dsa-3098 http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 http://www.securityfocus.com/bid/71283 https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 https://github.com/ellson/graphviz/com • CWE-134: Use of Externally-Controlled Format String •

CVSS: 8.5EPSS: 0%CPEs: 40EXPL: 1

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. Desbordamiento de búfer en la función push_subg de parser.y (lib/graph/parser.c) en Graphviz 2.20.2 y posiblemente versiones anteriores, permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio (corrupción de memoria) o ejecutar código de su elección mediante un archivo DOT con un número grande de elementos Agraph_t. • http://bugs.gentoo.org/show_bug.cgi?id=240636 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html http://secunia.com/advisories/32186 http://secunia.com/advisories/32656 http://security.gentoo.org/glsa/glsa-200811-04.xml http://securityreason.com/securityalert/4409 http://www.securityfocus.com/archive/1/497150/100/0/threaded http://www.securityfocus.com/bid/31648 https://exchang • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.6EPSS: 0%CPEs: 26EXPL: 0

graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier. • http://secunia.com/advisories/17121 http://secunia.com/advisories/17125 http://secunia.com/advisories/17207 http://www.debian.org/security/2005/dsa-857 http://www.mandriva.com/security/advisories?name=MDKSA-2005:188 http://www.securityfocus.com/bid/15050 https://usn.ubuntu.com/208-1 •