Unrated severityNVD Advisory· Published Dec 3, 2014· Updated May 6, 2026
CVE-2014-9157
CVE-2014-9157
Description
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Affected products
3cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- seclists.org/oss-sec/2014/q4/784nvdExploitMailing ListThird Party Advisory
- seclists.org/oss-sec/2014/q4/872nvdExploitMailing ListThird Party Advisory
- github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081nvdExploitThird Party Advisory
- advisories.mageia.org/MGASA-2014-0520.htmlnvdThird Party Advisory
- www.debian.org/security/2014/dsa-3098nvdThird Party Advisory
- www.securityfocus.com/bid/71283nvdBroken LinkThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/98949nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/60166nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
News mentions
0No linked articles in our index yet.