CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-18032 – graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c
https://notcve.org/view.php?id=CVE-2020-18032
29 Apr 2021 — Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. Un Desbordamiento de Búfer en Graphviz Graph Visualization Tools desde el ID del commit f8b9e035 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de la aplicación) al cargar un a... • https://gitlab.com/graphviz/graphviz/-/issues/1700 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 3CVE-2014-9157 – Debian Security Advisory 3098-1
https://notcve.org/view.php?id=CVE-2014-9157
03 Dec 2014 — Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Vulnerabilidad de formato de cadena en la función yyerror en ib/cgraph/scan.l en Graphviz permite a atacantes remotos tener un impacto no especificado a través de especificadores de formatos de cadena en vectores desconocidos, que no están manejados correctamente en una caden... • http://advisories.mageia.org/MGASA-2014-0520.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 6%CPEs: 40EXPL: 1CVE-2008-4555
https://notcve.org/view.php?id=CVE-2008-4555
14 Oct 2008 — Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. Desbordamiento de búfer en la función push_subg de parser.y (lib/graph/parser.c) en Graphviz 2.20.2 y posiblemente versiones anteriores, permite a atacantes remotos ayudados por el usuario provocar una de... • http://bugs.gentoo.org/show_bug.cgi?id=240636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •