Page 2 of 11 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 3

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Vulnerabilidad de formato de cadena en la función yyerror en ib/cgraph/scan.l en Graphviz permite a atacantes remotos tener un impacto no especificado a través de especificadores de formatos de cadena en vectores desconocidos, que no están manejados correctamente en una cadena error. • http://advisories.mageia.org/MGASA-2014-0520.html http://seclists.org/oss-sec/2014/q4/784 http://seclists.org/oss-sec/2014/q4/872 http://secunia.com/advisories/60166 http://www.debian.org/security/2014/dsa-3098 http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 http://www.securityfocus.com/bid/71283 https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 https://github.com/ellson/graphviz/com • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. Un desbordamiento de búfer basado en pila en la función "yyerror" de Graphviz 2.34.0 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio mediante un archivo manipulado. • http://seclists.org/oss-sec/2014/q1/54 http://www.securityfocus.com/bid/64736 https://bugzilla.redhat.com/show_bug.cgi?id=1050871 https://exchange.xforce.ibmcloud.com/vulnerabilities/90198 https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750 https://security.gentoo.org/glsa/201702-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 1

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Desbordamientos de pila en la función yyerror de lib/cgraph/scan.l en Graphviz 2.34.0 permite a atacantes remotos tener un impacto no especificado a través de una línea larga en un archivo dot. • http://seclists.org/oss-sec/2014/q1/28 http://seclists.org/oss-sec/2014/q1/38 http://secunia.com/advisories/55666 http://secunia.com/advisories/56244 http://www.debian.org/security/2014/dsa-2843 http://www.mandriva.com/security/advisories?name=MDVSA-2014:024 http://www.securityfocus.com/bid/64674 https://bugs.gentoo.org/show_bug.cgi?id=497274 https://bugzilla.redhat.com/show_bug.cgi?id=1049165 https://exchange.xforce.ibmcloud.com/vulnerabilities/90085 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 1

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Desbordamiento de pila en la función chkNum de lib/cgraph/scan.l en Graphviz 2.34.0 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados con un "badly formed number" y "long digit list". • http://osvdb.org/101851 http://seclists.org/oss-sec/2014/q1/46 http://seclists.org/oss-sec/2014/q1/51 http://seclists.org/oss-sec/2014/q1/54 http://secunia.com/advisories/55666 http://secunia.com/advisories/56244 http://www.debian.org/security/2014/dsa-2843 http://www.mandriva.com/security/advisories?name=MDVSA-2014:024 http://www.securityfocus.com/bid/64737 https://bugzilla.redhat.com/show_bug.cgi?id=1050872 https://github.com/ellson/graphviz/commit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.5EPSS: 0%CPEs: 40EXPL: 1

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. Desbordamiento de búfer en la función push_subg de parser.y (lib/graph/parser.c) en Graphviz 2.20.2 y posiblemente versiones anteriores, permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio (corrupción de memoria) o ejecutar código de su elección mediante un archivo DOT con un número grande de elementos Agraph_t. • http://bugs.gentoo.org/show_bug.cgi?id=240636 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html http://secunia.com/advisories/32186 http://secunia.com/advisories/32656 http://security.gentoo.org/glsa/glsa-200811-04.xml http://securityreason.com/securityalert/4409 http://www.securityfocus.com/archive/1/497150/100/0/threaded http://www.securityfocus.com/bid/31648 https://exchang • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •