NotCVE - vendor:"Graphviz"

11 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46045

https://notcve.org/view.php?id=CVE-2023-46045

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. Graphviz 2.36 anterior a 10.0.0 tiene una lectura fuera de los límites a través de un archivo config6a manipulado. NOTA: la explotabilidad puede ser poco común porque este archivo normalmente es propiedad del usuario root. • http://seclists.org/fulldisclosure/2024/Feb/24 https://gitlab.com/graphviz/graphviz/-/issues/2441 https://seclists.org/fulldisclosure/2024/Feb/24 https://seclists.org/fulldisclosure/2024/Jan/73 https://www.openwall.com/lists/oss-security/2024/02/01/2 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2020-18032 – graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c

https://notcve.org/view.php?id=CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. Un Desbordamiento de Búfer en Graphviz Graph Visualization Tools desde el ID del commit f8b9e035 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de la aplicación) al cargar un archivo diseñado en el componente "lib/common/shapes.c" A flaw was found in graphviz. A wrong assumption in record_init function leads to an off-by-one write in parse_reclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://gitlab.com/graphviz/graphviz/-/issues/1700 https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A https://security.gentoo.org/glsa/202107-04 https://www.debian.org/security/2021/dsa-4914 https://access.redhat.com/security/cve/CVE-2020-18032 ht • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •

CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 2

CVE-2019-11023

https://notcve.org/view.php?id=CVE-2019-11023

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. La función agroot() en cgraph\obj.c en libcgraph.a en Graphviz versión 2.39.20160612.1140 tiene una desreferencia de puntero NULL, como lo demuestra graphml2gv. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html https://gitlab.com/graphviz/graphviz/issues/1517 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID https://lists.fedoraproject.org/archives/list/p • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2019-9904

https://notcve.org/view.php?id=CVE-2019-9904

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. Se ha descubierto un problema en lib\cdt\dttree.c en libcdt.a en graphviz 2.40.1. Ocurre un consumo de pila debido a llamadas recursivas agclose en lib\cgraph\graph.c en libcgraph.a, relacionado con agfstsubg en lib\cgraph\subg.c. • https://gitlab.com/graphviz/graphviz/issues/1512 https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz https://security.gentoo.org/glsa/202107-04 • CWE-674: Uncontrolled Recursion •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-10196

https://notcve.org/view.php?id=CVE-2018-10196

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. Vulnerabilidad de desreferencia de puntero NULL en la función ebuild_vlists en lib/dotgen/conc.c en la biblioteca dotgen en Graphviz 2.40.1 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo manipulado. • https://bugzilla.redhat.com/show_bug.cgi?id=1579254 https://gitlab.com/graphviz/graphviz/issues/1367 https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4 https://usn.ubuntu.com/3731-1 • CWE-476: NULL Pointer Dereference •

1 2 3