VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-4803

CVE-2005-4803

Description

Graphviz before 2.2.1 is vulnerable to arbitrary file overwrite via symlink attacks on temporary files due to insecure temp file handling.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Graphviz before 2.2.1 is vulnerable to arbitrary file overwrite via symlink attacks on temporary files due to insecure temp file handling.

Vulnerability

A symlink vulnerability exists in graphviz versions prior to 2.2.1. The software creates temporary files in an insecure manner, possibly in shared directories such as /tmp, without proper precautions against symbolic link attacks. This allows a local user to cause graphviz to overwrite arbitrary files on the system. The affected versions are all releases before 2.2.1 [1].

Exploitation

An attacker must have local access to the system and the ability to create symbolic links in a directory that graphviz uses for its temporary files. The attacker can predict or race to create a symlink with the same name as a temporary file that graphviz expects to create. When graphviz writes to that temporary file, the write operation follows the symlink and overwrites the target file specified by the attacker [1].

Impact

Successful exploitation allows a local attacker to overwrite arbitrary files on the system with the privileges of the user running graphviz. This could lead to denial of service, privilege escalation, or corruption of critical system or user files [1].

Mitigation

Upgrade to graphviz version 2.2.1 or later, where the insecure temporary file handling has been fixed. No workarounds are mentioned in the available references [1].

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

32
  • Graphviz/Graphviz27 versions
    cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:*range: <=2.2
    • cpe:2.3:a:graphviz:graphviz:1.10_2003-09-15_0415_1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.10_2003-09-15_0415_2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5_0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5_0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5_0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.7.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.8.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:graphviz:graphviz:1.8.9.1:*:*:*:*:*:*:*
    • (no CPE)range: <2.2.1
  • osv-coords5 versions
    pkg:apk/chainguard/py3.10-graphvizpkg:apk/chainguard/py3.11-graphvizpkg:apk/chainguard/py3.12-graphvizpkg:apk/chainguard/py3.13-graphvizpkg:apk/chainguard/py3-graphviz
    < 0+ 4 more
    • (no CPE)range: < 0
    • (no CPE)range: < 0
    • (no CPE)range: < 0
    • (no CPE)range: < 0
    • (no CPE)range: < 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.