Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    22 vulnerabilities by graphviz

    CVE-2023-46045 (GCVE-0-2023-46045)

    Vulnerability from nvd – Published: 2024-02-02 00:00 – Updated: 2025-11-04 18:18
    VLAI
    Summary
    Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:18:36.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/-/issues/2441"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2024/Jan/73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2024/02/01/2"
              },
              {
                "name": "20240220 Re: Buffer Overflow in graphviz via via a crafted config6a file",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Feb/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2024/Feb/24"
              },
              {
                "url": "http://packetstormsecurity.com/files/176816/graphviz-2.43.0-Buffer-Overflow-Code-Execution.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jan/73"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jan/62"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46045",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T17:21:09.339142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:50:42.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T20:53:27.287Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.com/graphviz/graphviz/-/issues/2441"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2024/Jan/73"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2024/02/01/2"
            },
            {
              "name": "20240220 Re: Buffer Overflow in graphviz via via a crafted config6a file",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2024/Feb/24"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2024/Feb/24"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46045",
        "datePublished": "2024-02-02T00:00:00.000Z",
        "dateReserved": "2023-10-16T00:00:00.000Z",
        "dateUpdated": "2025-11-04T18:18:36.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-18032 (GCVE-0-2020-18032)

    Vulnerability from nvd – Published: 2021-04-29 17:20 – Updated: 2024-08-04 14:00
    VLAI
    Summary
    Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://gitlab.com/graphviz/graphviz/-/issues/1700 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2021/dsa-4914 vendor-advisoryx_refsource_DEBIAN
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/202107-04 vendor-advisoryx_refsource_GENTOO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:48.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
              },
              {
                "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
              },
              {
                "name": "DSA-4914",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4914"
              },
              {
                "name": "FEDORA-2021-5fb7be1fbf",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
              },
              {
                "name": "FEDORA-2021-ede783f2b6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
              },
              {
                "name": "GLSA-202107-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202107-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-03T05:06:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
            },
            {
              "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
            },
            {
              "name": "DSA-4914",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4914"
            },
            {
              "name": "FEDORA-2021-5fb7be1fbf",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
            },
            {
              "name": "FEDORA-2021-ede783f2b6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
            },
            {
              "name": "GLSA-202107-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202107-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-18032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/-/issues/1700",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
                },
                {
                  "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
                },
                {
                  "name": "DSA-4914",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4914"
                },
                {
                  "name": "FEDORA-2021-5fb7be1fbf",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
                },
                {
                  "name": "FEDORA-2021-ede783f2b6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
                },
                {
                  "name": "GLSA-202107-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202107-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18032",
        "datePublished": "2021-04-29T17:20:02.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T14:00:48.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11023 (GCVE-0-2019-11023)

    Vulnerability from nvd – Published: 2019-04-08 22:20 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
              },
              {
                "name": "FEDORA-2019-521e6c567c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
              },
              {
                "name": "FEDORA-2019-feeb1a2543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
              },
              {
                "name": "openSUSE-SU-2019:1434",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
              },
              {
                "name": "openSUSE-SU-2019:1459",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
              },
              {
                "name": "openSUSE-SU-2020:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
              },
              {
                "name": "openSUSE-SU-2020:0906",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T23:06:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
            },
            {
              "name": "FEDORA-2019-521e6c567c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
            },
            {
              "name": "FEDORA-2019-feeb1a2543",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
            },
            {
              "name": "openSUSE-SU-2019:1434",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
            },
            {
              "name": "openSUSE-SU-2019:1459",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
            },
            {
              "name": "openSUSE-SU-2020:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
            },
            {
              "name": "openSUSE-SU-2020:0906",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11023",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1517",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
                },
                {
                  "name": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/",
                  "refsource": "MISC",
                  "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
                },
                {
                  "name": "FEDORA-2019-521e6c567c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
                },
                {
                  "name": "FEDORA-2019-feeb1a2543",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
                },
                {
                  "name": "openSUSE-SU-2019:1434",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
                },
                {
                  "name": "openSUSE-SU-2019:1459",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
                },
                {
                  "name": "openSUSE-SU-2020:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
                },
                {
                  "name": "openSUSE-SU-2020:0906",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11023",
        "datePublished": "2019-04-08T22:20:09.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9904 (GCVE-0-2019-9904)

    Vulnerability from nvd – Published: 2019-03-21 17:43 – Updated: 2024-08-04 22:01
    VLAI
    Summary
    An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:01:55.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
              },
              {
                "name": "GLSA-202107-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202107-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-03T05:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
            },
            {
              "name": "GLSA-202107-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202107-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1512",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
                },
                {
                  "name": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/",
                  "refsource": "MISC",
                  "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
                },
                {
                  "name": "GLSA-202107-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202107-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9904",
        "datePublished": "2019-03-21T17:43:15.000Z",
        "dateReserved": "2019-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:01:55.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10196 (GCVE-0-2018-10196)

    Vulnerability from nvd – Published: 2018-05-30 21:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3731-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3731-1/"
              },
              {
                "name": "FEDORA-2018-fd850e033d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
              },
              {
                "name": "FEDORA-2018-25674bb48e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
              },
              {
                "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T10:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3731-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3731-1/"
            },
            {
              "name": "FEDORA-2018-fd850e033d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
            },
            {
              "name": "FEDORA-2018-25674bb48e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
            },
            {
              "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3731-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3731-1/"
                },
                {
                  "name": "FEDORA-2018-fd850e033d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
                },
                {
                  "name": "FEDORA-2018-25674bb48e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
                },
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1367",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
                },
                {
                  "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10196",
        "datePublished": "2018-05-30T21:00:00.000Z",
        "dateReserved": "2018-04-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1235 (GCVE-0-2014-1235)

    Vulnerability from nvd – Published: 2017-08-07 20:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:41.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/54"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
              },
              {
                "name": "graphviz-cve20141235-bo(90198)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
              },
              {
                "name": "64736",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64736"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/54"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
            },
            {
              "name": "graphviz-cve20141235-bo(90198)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
            },
            {
              "name": "64736",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64736"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/54"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
                },
                {
                  "name": "graphviz-cve20141235-bo(90198)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
                },
                {
                  "name": "64736",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64736"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1235",
        "datePublished": "2017-08-07T20:00:00.000Z",
        "dateReserved": "2014-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:41.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9157 (GCVE-0-2014-9157)

    Vulnerability from nvd – Published: 2014-12-03 21:00 – Updated: 2024-08-06 13:33
    VLAI
    Summary
    Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q4/872 mailing-listx_refsource_MLIST
    http://advisories.mageia.org/MGASA-2014-0520.html x_refsource_CONFIRM
    http://www.securityfocus.com/bid/71283 vdb-entryx_refsource_BID
    https://github.com/ellson/graphviz/commit/99eda42… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3098 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/60166 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q4/784 mailing-listx_refsource_MLIST
    Date Public
    2014-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:33:13.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
              },
              {
                "name": "graphviz-format-sting(98949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
              },
              {
                "name": "MDVSA-2015:187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
              },
              {
                "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/872"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
              },
              {
                "name": "71283",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71283"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
              },
              {
                "name": "DSA-3098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3098"
              },
              {
                "name": "60166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60166"
              },
              {
                "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/784"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2014:248",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
            },
            {
              "name": "graphviz-format-sting(98949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
            },
            {
              "name": "MDVSA-2015:187",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
            },
            {
              "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/872"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
            },
            {
              "name": "71283",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71283"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
            },
            {
              "name": "DSA-3098",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3098"
            },
            {
              "name": "60166",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60166"
            },
            {
              "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/784"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2014:248",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
                },
                {
                  "name": "graphviz-format-sting(98949)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
                },
                {
                  "name": "MDVSA-2015:187",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
                },
                {
                  "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/872"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0520.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
                },
                {
                  "name": "71283",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71283"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
                },
                {
                  "name": "DSA-3098",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3098"
                },
                {
                  "name": "60166",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60166"
                },
                {
                  "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/784"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9157",
        "datePublished": "2014-12-03T21:00:00.000Z",
        "dateReserved": "2014-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:33:13.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0978 (GCVE-0-2014-0978)

    Vulnerability from nvd – Published: 2014-01-10 17:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/bid/64674 vdb-entryx_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=1049165 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201702-06 vendor-advisoryx_refsource_GENTOO
    https://github.com/ellson/graphviz/commit/7aaddf5… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/oss-sec/2014/q1/28 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2014/dsa-2843 vendor-advisoryx_refsource_DEBIAN
    https://bugs.gentoo.org/show_bug.cgi?id=497274 x_refsource_MISC
    http://seclists.org/oss-sec/2014/q1/38 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/55666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/56244 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:40.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
              },
              {
                "name": "64674",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64674"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
              },
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
              },
              {
                "name": "graphviz-yyerror-bo(90085)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
              },
              {
                "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/28"
              },
              {
                "name": "DSA-2843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2843"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
              },
              {
                "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/38"
              },
              {
                "name": "55666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55666"
              },
              {
                "name": "56244",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2014:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
            },
            {
              "name": "64674",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64674"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
            },
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
            },
            {
              "name": "graphviz-yyerror-bo(90085)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
            },
            {
              "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/28"
            },
            {
              "name": "DSA-2843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2843"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
            },
            {
              "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/38"
            },
            {
              "name": "55666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55666"
            },
            {
              "name": "56244",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-0978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2014:024",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
                },
                {
                  "name": "64674",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64674"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
                },
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
                },
                {
                  "name": "graphviz-yyerror-bo(90085)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
                },
                {
                  "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/28"
                },
                {
                  "name": "DSA-2843",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2843"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=497274",
                  "refsource": "MISC",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
                },
                {
                  "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/38"
                },
                {
                  "name": "55666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55666"
                },
                {
                  "name": "56244",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/56244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-0978",
        "datePublished": "2014-01-10T17:00:00.000Z",
        "dateReserved": "2014-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:40.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1236 (GCVE-0-2014-1236)

    Vulnerability from nvd – Published: 2014-01-10 15:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q1/51 mailing-listx_refsource_MLIST
    http://osvdb.org/101851 vdb-entryx_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://security.gentoo.org/glsa/201702-06 vendor-advisoryx_refsource_GENTOO
    http://seclists.org/oss-sec/2014/q1/54 mailing-listx_refsource_MLIST
    https://github.com/ellson/graphviz/commit/1d1bdec… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2843 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2014/q1/46 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1050872 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/64737 vdb-entryx_refsource_BID
    http://secunia.com/advisories/55666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/56244 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:41.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/51"
              },
              {
                "name": "101851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/101851"
              },
              {
                "name": "MDVSA-2014:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
              },
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/54"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
              },
              {
                "name": "DSA-2843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2843"
              },
              {
                "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/46"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
              },
              {
                "name": "64737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64737"
              },
              {
                "name": "55666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55666"
              },
              {
                "name": "56244",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a \"badly formed number\" and a \"long digit list.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/51"
            },
            {
              "name": "101851",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/101851"
            },
            {
              "name": "MDVSA-2014:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
            },
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/54"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
            },
            {
              "name": "DSA-2843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2843"
            },
            {
              "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/46"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
            },
            {
              "name": "64737",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64737"
            },
            {
              "name": "55666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55666"
            },
            {
              "name": "56244",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a \"badly formed number\" and a \"long digit list.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/51"
                },
                {
                  "name": "101851",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/101851"
                },
                {
                  "name": "MDVSA-2014:024",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
                },
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/54"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
                },
                {
                  "name": "DSA-2843",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2843"
                },
                {
                  "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/46"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
                },
                {
                  "name": "64737",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64737"
                },
                {
                  "name": "55666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55666"
                },
                {
                  "name": "56244",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/56244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1236",
        "datePublished": "2014-01-10T15:00:00.000Z",
        "dateReserved": "2014-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:41.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4555 (GCVE-0-2008-4555)

    Vulnerability from nvd – Published: 2008-10-14 20:00 – Updated: 2024-08-07 10:17
    VLAI
    Summary
    Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-04.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/32186 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://roeehay.blogspot.com/2008/10/graphviz-buff… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/31648 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/497150/100… mailing-listx_refsource_BUGTRAQ
    http://bugs.gentoo.org/show_bug.cgi?id=240636 x_refsource_CONFIRM
    http://securityreason.com/securityalert/4409 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/32656 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:17:10.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
              },
              {
                "name": "32186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32186"
              },
              {
                "name": "graphviz-pushsubg-bo(45765)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
              },
              {
                "name": "SUSE-SR:2008:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
              },
              {
                "name": "31648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31648"
              },
              {
                "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
              },
              {
                "name": "4409",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4409"
              },
              {
                "name": "32656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32656"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
            },
            {
              "name": "32186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32186"
            },
            {
              "name": "graphviz-pushsubg-bo(45765)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
            },
            {
              "name": "SUSE-SR:2008:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
            },
            {
              "name": "31648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31648"
            },
            {
              "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
            },
            {
              "name": "4409",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4409"
            },
            {
              "name": "32656",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32656"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4555",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-04",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
                },
                {
                  "name": "32186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32186"
                },
                {
                  "name": "graphviz-pushsubg-bo(45765)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
                },
                {
                  "name": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html",
                  "refsource": "MISC",
                  "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
                },
                {
                  "name": "SUSE-SR:2008:023",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
                },
                {
                  "name": "31648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31648"
                },
                {
                  "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=240636",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
                },
                {
                  "name": "4409",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4409"
                },
                {
                  "name": "32656",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32656"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4555",
        "datePublished": "2008-10-14T20:00:00.000Z",
        "dateReserved": "2008-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:17:10.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4803 (GCVE-0-2005-4803)

    Vulnerability from nvd – Published: 2006-05-17 17:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/15050 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17121 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://usn.ubuntu.com/208-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17207 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-857 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/17125 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15050",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15050"
              },
              {
                "name": "17121",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17121"
              },
              {
                "name": "MDKSA-2005:188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
              },
              {
                "name": "USN-208-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/208-1/"
              },
              {
                "name": "17207",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17207"
              },
              {
                "name": "DSA-857",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-857"
              },
              {
                "name": "17125",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.  NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues.  This is the correct identifier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15050",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15050"
            },
            {
              "name": "17121",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17121"
            },
            {
              "name": "MDKSA-2005:188",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
            },
            {
              "name": "USN-208-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/208-1/"
            },
            {
              "name": "17207",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17207"
            },
            {
              "name": "DSA-857",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-857"
            },
            {
              "name": "17125",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.  NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues.  This is the correct identifier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15050",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15050"
                },
                {
                  "name": "17121",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17121"
                },
                {
                  "name": "MDKSA-2005:188",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
                },
                {
                  "name": "USN-208-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/208-1/"
                },
                {
                  "name": "17207",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17207"
                },
                {
                  "name": "DSA-857",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-857"
                },
                {
                  "name": "17125",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4803",
        "datePublished": "2006-05-17T17:00:00.000Z",
        "dateReserved": "2006-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46045 (GCVE-0-2023-46045)

    Vulnerability from cvelistv5 – Published: 2024-02-02 00:00 – Updated: 2025-11-04 18:18
    VLAI
    Summary
    Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:18:36.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/-/issues/2441"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2024/Jan/73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2024/02/01/2"
              },
              {
                "name": "20240220 Re: Buffer Overflow in graphviz via via a crafted config6a file",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Feb/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2024/Feb/24"
              },
              {
                "url": "http://packetstormsecurity.com/files/176816/graphviz-2.43.0-Buffer-Overflow-Code-Execution.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jan/73"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jan/62"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46045",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T17:21:09.339142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:50:42.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T20:53:27.287Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.com/graphviz/graphviz/-/issues/2441"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2024/Jan/73"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2024/02/01/2"
            },
            {
              "name": "20240220 Re: Buffer Overflow in graphviz via via a crafted config6a file",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2024/Feb/24"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2024/Feb/24"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46045",
        "datePublished": "2024-02-02T00:00:00.000Z",
        "dateReserved": "2023-10-16T00:00:00.000Z",
        "dateUpdated": "2025-11-04T18:18:36.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-18032 (GCVE-0-2020-18032)

    Vulnerability from cvelistv5 – Published: 2021-04-29 17:20 – Updated: 2024-08-04 14:00
    VLAI
    Summary
    Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://gitlab.com/graphviz/graphviz/-/issues/1700 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2021/dsa-4914 vendor-advisoryx_refsource_DEBIAN
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/202107-04 vendor-advisoryx_refsource_GENTOO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:48.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
              },
              {
                "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
              },
              {
                "name": "DSA-4914",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4914"
              },
              {
                "name": "FEDORA-2021-5fb7be1fbf",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
              },
              {
                "name": "FEDORA-2021-ede783f2b6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
              },
              {
                "name": "GLSA-202107-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202107-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-03T05:06:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
            },
            {
              "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
            },
            {
              "name": "DSA-4914",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4914"
            },
            {
              "name": "FEDORA-2021-5fb7be1fbf",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
            },
            {
              "name": "FEDORA-2021-ede783f2b6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
            },
            {
              "name": "GLSA-202107-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202107-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-18032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/-/issues/1700",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/-/issues/1700"
                },
                {
                  "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
                },
                {
                  "name": "DSA-4914",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4914"
                },
                {
                  "name": "FEDORA-2021-5fb7be1fbf",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"
                },
                {
                  "name": "FEDORA-2021-ede783f2b6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"
                },
                {
                  "name": "GLSA-202107-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202107-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18032",
        "datePublished": "2021-04-29T17:20:02.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T14:00:48.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11023 (GCVE-0-2019-11023)

    Vulnerability from cvelistv5 – Published: 2019-04-08 22:20 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
              },
              {
                "name": "FEDORA-2019-521e6c567c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
              },
              {
                "name": "FEDORA-2019-feeb1a2543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
              },
              {
                "name": "openSUSE-SU-2019:1434",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
              },
              {
                "name": "openSUSE-SU-2019:1459",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
              },
              {
                "name": "openSUSE-SU-2020:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
              },
              {
                "name": "openSUSE-SU-2020:0906",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T23:06:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
            },
            {
              "name": "FEDORA-2019-521e6c567c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
            },
            {
              "name": "FEDORA-2019-feeb1a2543",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
            },
            {
              "name": "openSUSE-SU-2019:1434",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
            },
            {
              "name": "openSUSE-SU-2019:1459",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
            },
            {
              "name": "openSUSE-SU-2020:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
            },
            {
              "name": "openSUSE-SU-2020:0906",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11023",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1517",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1517"
                },
                {
                  "name": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/",
                  "refsource": "MISC",
                  "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"
                },
                {
                  "name": "FEDORA-2019-521e6c567c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"
                },
                {
                  "name": "FEDORA-2019-feeb1a2543",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"
                },
                {
                  "name": "openSUSE-SU-2019:1434",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"
                },
                {
                  "name": "openSUSE-SU-2019:1459",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"
                },
                {
                  "name": "openSUSE-SU-2020:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"
                },
                {
                  "name": "openSUSE-SU-2020:0906",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11023",
        "datePublished": "2019-04-08T22:20:09.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9904 (GCVE-0-2019-9904)

    Vulnerability from cvelistv5 – Published: 2019-03-21 17:43 – Updated: 2024-08-04 22:01
    VLAI
    Summary
    An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:01:55.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
              },
              {
                "name": "GLSA-202107-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202107-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-03T05:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
            },
            {
              "name": "GLSA-202107-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202107-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1512",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1512"
                },
                {
                  "name": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/",
                  "refsource": "MISC",
                  "url": "https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/"
                },
                {
                  "name": "GLSA-202107-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202107-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9904",
        "datePublished": "2019-03-21T17:43:15.000Z",
        "dateReserved": "2019-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:01:55.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10196 (GCVE-0-2018-10196)

    Vulnerability from cvelistv5 – Published: 2018-05-30 21:00 – Updated: 2024-08-05 07:32
    VLAI
    Summary
    NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:32:01.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3731-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3731-1/"
              },
              {
                "name": "FEDORA-2018-fd850e033d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
              },
              {
                "name": "FEDORA-2018-25674bb48e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
              },
              {
                "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T10:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3731-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3731-1/"
            },
            {
              "name": "FEDORA-2018-fd850e033d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
            },
            {
              "name": "FEDORA-2018-25674bb48e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
            },
            {
              "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3731-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3731-1/"
                },
                {
                  "name": "FEDORA-2018-fd850e033d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/"
                },
                {
                  "name": "FEDORA-2018-25674bb48e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/"
                },
                {
                  "name": "https://gitlab.com/graphviz/graphviz/issues/1367",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
                },
                {
                  "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2659-1] graphviz security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10196",
        "datePublished": "2018-05-30T21:00:00.000Z",
        "dateReserved": "2018-04-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:32:01.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1235 (GCVE-0-2014-1235)

    Vulnerability from cvelistv5 – Published: 2017-08-07 20:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:41.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/54"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
              },
              {
                "name": "graphviz-cve20141235-bo(90198)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
              },
              {
                "name": "64736",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64736"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/54"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
            },
            {
              "name": "graphviz-cve20141235-bo(90198)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
            },
            {
              "name": "64736",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64736"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/54"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750"
                },
                {
                  "name": "graphviz-cve20141235-bo(90198)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90198"
                },
                {
                  "name": "64736",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64736"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050871"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1235",
        "datePublished": "2017-08-07T20:00:00.000Z",
        "dateReserved": "2014-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:41.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9157 (GCVE-0-2014-9157)

    Vulnerability from cvelistv5 – Published: 2014-12-03 21:00 – Updated: 2024-08-06 13:33
    VLAI
    Summary
    Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q4/872 mailing-listx_refsource_MLIST
    http://advisories.mageia.org/MGASA-2014-0520.html x_refsource_CONFIRM
    http://www.securityfocus.com/bid/71283 vdb-entryx_refsource_BID
    https://github.com/ellson/graphviz/commit/99eda42… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3098 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/60166 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q4/784 mailing-listx_refsource_MLIST
    Date Public
    2014-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:33:13.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
              },
              {
                "name": "graphviz-format-sting(98949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
              },
              {
                "name": "MDVSA-2015:187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
              },
              {
                "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/872"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
              },
              {
                "name": "71283",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71283"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
              },
              {
                "name": "DSA-3098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3098"
              },
              {
                "name": "60166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60166"
              },
              {
                "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/784"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2014:248",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
            },
            {
              "name": "graphviz-format-sting(98949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
            },
            {
              "name": "MDVSA-2015:187",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
            },
            {
              "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/872"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
            },
            {
              "name": "71283",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71283"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
            },
            {
              "name": "DSA-3098",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3098"
            },
            {
              "name": "60166",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60166"
            },
            {
              "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/784"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2014:248",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
                },
                {
                  "name": "graphviz-format-sting(98949)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
                },
                {
                  "name": "MDVSA-2015:187",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
                },
                {
                  "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/872"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0520.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
                },
                {
                  "name": "71283",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71283"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
                },
                {
                  "name": "DSA-3098",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3098"
                },
                {
                  "name": "60166",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60166"
                },
                {
                  "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/784"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9157",
        "datePublished": "2014-12-03T21:00:00.000Z",
        "dateReserved": "2014-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:33:13.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0978 (GCVE-0-2014-0978)

    Vulnerability from cvelistv5 – Published: 2014-01-10 17:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/bid/64674 vdb-entryx_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=1049165 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201702-06 vendor-advisoryx_refsource_GENTOO
    https://github.com/ellson/graphviz/commit/7aaddf5… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/oss-sec/2014/q1/28 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2014/dsa-2843 vendor-advisoryx_refsource_DEBIAN
    https://bugs.gentoo.org/show_bug.cgi?id=497274 x_refsource_MISC
    http://seclists.org/oss-sec/2014/q1/38 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/55666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/56244 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:40.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
              },
              {
                "name": "64674",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64674"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
              },
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
              },
              {
                "name": "graphviz-yyerror-bo(90085)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
              },
              {
                "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/28"
              },
              {
                "name": "DSA-2843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2843"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
              },
              {
                "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/38"
              },
              {
                "name": "55666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55666"
              },
              {
                "name": "56244",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2014:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
            },
            {
              "name": "64674",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64674"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
            },
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
            },
            {
              "name": "graphviz-yyerror-bo(90085)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
            },
            {
              "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/28"
            },
            {
              "name": "DSA-2843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2843"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
            },
            {
              "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/38"
            },
            {
              "name": "55666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55666"
            },
            {
              "name": "56244",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-0978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2014:024",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
                },
                {
                  "name": "64674",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64674"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165"
                },
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a"
                },
                {
                  "name": "graphviz-yyerror-bo(90085)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085"
                },
                {
                  "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/28"
                },
                {
                  "name": "DSA-2843",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2843"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=497274",
                  "refsource": "MISC",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274"
                },
                {
                  "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/38"
                },
                {
                  "name": "55666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55666"
                },
                {
                  "name": "56244",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/56244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-0978",
        "datePublished": "2014-01-10T17:00:00.000Z",
        "dateReserved": "2014-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:40.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1236 (GCVE-0-2014-1236)

    Vulnerability from cvelistv5 – Published: 2014-01-10 15:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q1/51 mailing-listx_refsource_MLIST
    http://osvdb.org/101851 vdb-entryx_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://security.gentoo.org/glsa/201702-06 vendor-advisoryx_refsource_GENTOO
    http://seclists.org/oss-sec/2014/q1/54 mailing-listx_refsource_MLIST
    https://github.com/ellson/graphviz/commit/1d1bdec… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2843 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2014/q1/46 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1050872 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/64737 vdb-entryx_refsource_BID
    http://secunia.com/advisories/55666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/56244 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:41.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/51"
              },
              {
                "name": "101851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/101851"
              },
              {
                "name": "MDVSA-2014:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
              },
              {
                "name": "GLSA-201702-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201702-06"
              },
              {
                "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/54"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
              },
              {
                "name": "DSA-2843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2843"
              },
              {
                "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/46"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
              },
              {
                "name": "64737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64737"
              },
              {
                "name": "55666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55666"
              },
              {
                "name": "56244",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/56244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a \"badly formed number\" and a \"long digit list.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/51"
            },
            {
              "name": "101851",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/101851"
            },
            {
              "name": "MDVSA-2014:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
            },
            {
              "name": "GLSA-201702-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201702-06"
            },
            {
              "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/54"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
            },
            {
              "name": "DSA-2843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2843"
            },
            {
              "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/46"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
            },
            {
              "name": "64737",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/64737"
            },
            {
              "name": "55666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55666"
            },
            {
              "name": "56244",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/56244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a \"badly formed number\" and a \"long digit list.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/51"
                },
                {
                  "name": "101851",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/101851"
                },
                {
                  "name": "MDVSA-2014:024",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024"
                },
                {
                  "name": "GLSA-201702-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201702-06"
                },
                {
                  "name": "[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/54"
                },
                {
                  "name": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff"
                },
                {
                  "name": "DSA-2843",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2843"
                },
                {
                  "name": "[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/46"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050872"
                },
                {
                  "name": "64737",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/64737"
                },
                {
                  "name": "55666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55666"
                },
                {
                  "name": "56244",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/56244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1236",
        "datePublished": "2014-01-10T15:00:00.000Z",
        "dateReserved": "2014-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:41.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4555 (GCVE-0-2008-4555)

    Vulnerability from cvelistv5 – Published: 2008-10-14 20:00 – Updated: 2024-08-07 10:17
    VLAI
    Summary
    Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-04.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/32186 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://roeehay.blogspot.com/2008/10/graphviz-buff… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/31648 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/497150/100… mailing-listx_refsource_BUGTRAQ
    http://bugs.gentoo.org/show_bug.cgi?id=240636 x_refsource_CONFIRM
    http://securityreason.com/securityalert/4409 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/32656 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:17:10.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
              },
              {
                "name": "32186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32186"
              },
              {
                "name": "graphviz-pushsubg-bo(45765)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
              },
              {
                "name": "SUSE-SR:2008:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
              },
              {
                "name": "31648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31648"
              },
              {
                "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
              },
              {
                "name": "4409",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4409"
              },
              {
                "name": "32656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32656"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
            },
            {
              "name": "32186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32186"
            },
            {
              "name": "graphviz-pushsubg-bo(45765)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
            },
            {
              "name": "SUSE-SR:2008:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
            },
            {
              "name": "31648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31648"
            },
            {
              "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
            },
            {
              "name": "4409",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4409"
            },
            {
              "name": "32656",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32656"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4555",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-04",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-04.xml"
                },
                {
                  "name": "32186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32186"
                },
                {
                  "name": "graphviz-pushsubg-bo(45765)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45765"
                },
                {
                  "name": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html",
                  "refsource": "MISC",
                  "url": "http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html"
                },
                {
                  "name": "SUSE-SR:2008:023",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
                },
                {
                  "name": "31648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31648"
                },
                {
                  "name": "20081008 Advisory: Graphviz Buffer Overflow Code Execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/497150/100/0/threaded"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=240636",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=240636"
                },
                {
                  "name": "4409",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4409"
                },
                {
                  "name": "32656",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32656"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4555",
        "datePublished": "2008-10-14T20:00:00.000Z",
        "dateReserved": "2008-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:17:10.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4803 (GCVE-0-2005-4803)

    Vulnerability from cvelistv5 – Published: 2006-05-17 17:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/15050 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17121 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://usn.ubuntu.com/208-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17207 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-857 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/17125 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15050",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15050"
              },
              {
                "name": "17121",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17121"
              },
              {
                "name": "MDKSA-2005:188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
              },
              {
                "name": "USN-208-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/208-1/"
              },
              {
                "name": "17207",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17207"
              },
              {
                "name": "DSA-857",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-857"
              },
              {
                "name": "17125",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.  NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues.  This is the correct identifier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15050",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15050"
            },
            {
              "name": "17121",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17121"
            },
            {
              "name": "MDKSA-2005:188",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
            },
            {
              "name": "USN-208-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/208-1/"
            },
            {
              "name": "17207",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17207"
            },
            {
              "name": "DSA-857",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-857"
            },
            {
              "name": "17125",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.  NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues.  This is the correct identifier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15050",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15050"
                },
                {
                  "name": "17121",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17121"
                },
                {
                  "name": "MDKSA-2005:188",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:188"
                },
                {
                  "name": "USN-208-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/208-1/"
                },
                {
                  "name": "17207",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17207"
                },
                {
                  "name": "DSA-857",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-857"
                },
                {
                  "name": "17125",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4803",
        "datePublished": "2006-05-17T17:00:00.000Z",
        "dateReserved": "2006-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }