apk package
chainguard/lua5.4-graphviz
pkg:apk/chainguard/lua5.4-graphviz
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46045 | — | < 10.0.1-r0 | 10.0.1-r0 | Feb 2, 2024 | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | ||
| CVE-2014-9157 | — | < 0 | 0 | Dec 3, 2014 | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. |
- CVE-2023-46045Feb 2, 2024affected < 10.0.1-r0fixed 10.0.1-r0
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
- CVE-2014-9157Dec 3, 2014affected < 0fixed 0
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.