// For flags

CVE-2023-46045

graphviz 2.43.0 Buffer Overflow / Code Execution

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

Graphviz 2.36 anterior a 10.0.0 tiene una lectura fuera de los límites a través de un archivo config6a manipulado. NOTA: la explotabilidad puede ser poco común porque este archivo normalmente es propiedad del usuario root.

graphviz version 2.43.0 has been reported as having a buffer overflow vulnerability. Some debate regarding this release of information notes that affected versions are likely 2.36 and 10.0.0 and that this is an out-of-bounds read issue.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-10-16 CVE Reserved
  • 2024-01-29 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Graphviz
Search vendor "Graphviz"
 Graphviz
Search vendor "Graphviz" for product "Graphviz"
 >= 2.36.0 < 10.0.0
Search vendor "Graphviz" for product "Graphviz" and version " >= 2.36.0 < 10.0.0"
-
Affected