Unrated severityNVD Advisory· Published Jan 10, 2014· Updated Apr 29, 2026

CVE-2014-0978

Description

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

Affected products

Graphviz/Graphviz
cpe:2.3:a:graphviz:graphviz:2.34.0:*:*:*:*:*:*:*

Patches

7aaddf52cd98

https://github.com/ellson/graphvizvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438anvdExploitPatch
secunia.com/advisories/55666nvdVendor Advisory
seclists.org/oss-sec/2014/q1/28nvd
seclists.org/oss-sec/2014/q1/38nvd
secunia.com/advisories/56244nvd
www.debian.org/security/2014/dsa-2843nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/64674nvd
bugs.gentoo.org/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/90085nvd
security.gentoo.org/glsa/201702-06nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000