CVE-2014-0978Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphviz

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow13 documents7 sources
Severity
9.3CRITICALNVD
NVD7.8
EPSS
6.5%
top 8.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphvizDebian Graphviz
Timeline
PublishedJan 10
Latest updateMay 17

Description

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

debiandebian/graphviz< graphviz 2.26.3-16.1 (bookworm)+1
Debiangraphviz/graphviz< 2.26.3-16.1+7
NVDgraphviz/graphviz2.34.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-m2jh-3vm2-49rv: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan2022-05-17
GHSA
GHSA-w89c-3qr4-xm84: Stack-based buffer overflow in the "yyerror" function in Graphviz 22022-05-17
OSV
CVE-2014-1235: Stack-based buffer overflow in the "yyerror" function in Graphviz 22017-08-07
OSV
CVE-2014-0978: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan2014-01-10

📋Vendor Advisories

5
Ubuntu
Graphviz vulnerabilities2014-01-16
Red Hat
graphviz: buffer overflow in yyerror() due to improper fix for CVE-2014-09782014-01-08
Red Hat
graphviz: stack-based buffer overflow in yyerror()2014-01-06
Debian
CVE-2014-1235: graphviz - Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows ...2014
Debian
CVE-2014-0978: graphviz - Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Grap...2014

💬Community

2
Bugzilla
CVE-2014-1235 graphviz: buffer overflow in yyerror() due to improper fix for CVE-2014-09782014-01-09
Bugzilla
CVE-2014-0978 graphviz: stack-based buffer overflow in yyerror()2014-01-07