Unrated severityNVD Advisory· Published Jan 10, 2014· Updated Apr 29, 2026

CVE-2014-1236

Description

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

Affected products

Graphviz/Graphviz
cpe:2.3:a:graphviz:graphviz:2.34.0:*:*:*:*:*:*:*

Patches

1d1bdec63187

https://github.com/ellson/graphvizvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ffnvdExploitPatch
secunia.com/advisories/55666nvdVendor Advisory
osvdb.org/101851nvd
seclists.org/oss-sec/2014/q1/46nvd
seclists.org/oss-sec/2014/q1/51nvd
seclists.org/oss-sec/2014/q1/54nvd
secunia.com/advisories/56244nvd
www.debian.org/security/2014/dsa-2843nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/64737nvd
bugzilla.redhat.com/show_bug.cginvd
security.gentoo.org/glsa/201702-06nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000