CVE-2005-4803 — Graphviz vulnerability

4 documents4 sources

Severity

3.6LOWNVD

OSV4.6

EPSS

0.1%

top 80.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphviz Debian Graphviz

Timeline

PublishedDec 31

Latest updateMay 1

Description

graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/graphviz< graphviz 2.2.1-1sarge1 (bookworm)

▶Debiangraphviz/graphviz< 2.2.1-1sarge1+3

▶NVDgraphviz/graphviz2.2+25

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfg4-vc2f-7p24: graphviz before 2↗2022-05-01

▶

OSV

CVE-2005-4803: graphviz before 2↗2005-12-31

▶

📋Vendor Advisories

Debian

CVE-2005-4803: graphviz - graphviz before 2.2.1 allows local users to overwrite arbitrary files via a syml...↗2005

▶