Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 11 results


CVE-2023-46045

Medium priority

Some fixes available 5 of 7

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz Needs evaluation Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-18032

Medium priority

Some fixes available 4 of 7

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the...

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-11023

Low priority

Some fixes available 3 of 9

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-9904

Low priority
Vulnerable

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz Needs evaluation Needs evaluation Needs evaluation Needs evaluation Vulnerable
Show less packages

CVE-2018-10196

Low priority

Some fixes available 3 of 5

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz Not affected Not affected Fixed Fixed
Show less packages

CVE-2014-9157

Medium priority
Fixed

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz
Show less packages

CVE-2014-1236

Medium priority
Fixed

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz
Show less packages

CVE-2014-0978

Medium priority
Fixed

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz
Show less packages

CVE-2014-1235

Medium priority
Fixed

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due...

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz
Show less packages

CVE-2008-4555

Low priority
Ignored

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or...

1 affected packages

graphviz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
graphviz
Show less packages