VYPR
Vendor

Graphviz

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2014-1235HigAug 7, 2017
    risk 0.44cvss 7.8epss 0.03

    Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.

  • CVE-2018-10196MedMay 30, 2018
    risk 0.36cvss 5.5epss 0.02

    NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2023-46045Feb 2, 2024
    risk 0.00cvss epss 0.01

    Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

  • CVE-2020-18032Apr 29, 2021
    risk 0.00cvss epss 0.03

    Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

  • CVE-2019-11023Apr 8, 2019
    risk 0.00cvss epss 0.05

    The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

  • CVE-2019-9904Mar 21, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

  • CVE-2014-9157Dec 3, 2014
    risk 0.00cvss epss 0.06

    Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

  • CVE-2014-0978Jan 10, 2014
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

  • CVE-2014-1236Jan 10, 2014
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

  • CVE-2008-4555Oct 14, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large…

  • CVE-2005-4803Dec 31, 2005
    risk 0.00cvss epss 0.00

    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct…