CVE-2014-9157
Debian Security Advisory 3098-1
Public Exploits: 3
Exploited in Wild: -
Descriptions
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Additionally, the gtkglarea2 and gtkglext packages were missing and were required for graphviz to build; these packages are also being provided with this advisory.
SSVC
- Decision:-
Timeline
- 2014-12-01 CVE Reserved
- 2014-12-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-04-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
References (10)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2014-0520.html | Third Party Advisory | |
http://secunia.com/advisories/60166 | Broken Link | |
http://www.securityfocus.com/bid/71283 | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://seclists.org/oss-sec/2014/q4/784 | 2024-08-06 | |
http://seclists.org/oss-sec/2014/q4/872 | 2024-08-06 | |
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2014/dsa-3098 | 2024-07-19 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 | 2024-07-19 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 | 2024-07-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Debian | Debian Linux | 7.0 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Graphviz | Graphviz | < 2.42.4 | - | Affected |