CVE-2014-9157

https://notcve.org/view.php?id=CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Vulnerabilidad de formato de cadena en la función yyerror en ib/cgraph/scan.l en Graphviz permite a atacantes remotos tener un impacto no especificado a través de especificadores de formatos de cadena en vectores desconocidos, que no están manejados correctamente en una cadena error. • http://advisories.mageia.org/MGASA-2014-0520.html http://seclists.org/oss-sec/2014/q4/784 http://seclists.org/oss-sec/2014/q4/872 http://secunia.com/advisories/60166 http://www.debian.org/security/2014/dsa-3098 http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 http://www.securityfocus.com/bid/71283 https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 https://github.com/ellson/graphviz/com • CWE-134: Use of Externally-Controlled Format String •