High severity7.8NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026

CVE-2014-1235

Description

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.

Affected products

Graphviz/Graphviz
cpe:2.3:a:graphviz:graphviz:2.34.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750nvdIssue TrackingPatchThird Party Advisory
security.gentoo.org/glsa/201702-06nvdMitigationPatchThird Party AdvisoryVDB Entry
seclists.org/oss-sec/2014/q1/54nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/64736nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/90198nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000