High severity8.8NVD Advisory· Published Apr 8, 2019· Updated Jun 17, 2026
CVE-2019-11023
CVE-2019-11023
Description
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24- osv-coords22 versionspkg:rpm/opensuse/graphviz-addons&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/graphviz-addons&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/graphviz-addons&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/graphviz&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/graphviz&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/graphviz&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/graphviz&distro=openSUSE%20Tumbleweedpkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/graphviz-addons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/graphviz&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/graphviz&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/graphviz&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
< 2.40.1-lp150.5.3.1+ 21 more
- (no CPE)range: < 2.40.1-lp150.5.3.1
- (no CPE)range: < 2.40.1-lp151.6.3.1
- (no CPE)range: < 2.40.1-lp152.7.3.1
- (no CPE)range: < 2.40.1-lp150.5.3.1
- (no CPE)range: < 2.40.1-lp151.6.3.1
- (no CPE)range: < 2.40.1-lp152.7.2.1
- (no CPE)range: < 2.48.0-4.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
- (no CPE)range: < 2.40.1-6.3.2
Patches
Vulnerability mechanics
References
8- gitlab.com/graphviz/graphviz/issues/1517nvdExploitThird Party Advisory
- research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/nvdExploitThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/nvd
News mentions
0No linked articles in our index yet.