CVE-2014-1236 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphviz

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow9 documents7 sources

Severity

10.0CRITICALNVD

EPSS

7.9%

top 7.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphviz Debian Graphviz

Timeline

PublishedJan 10

Latest updateMay 17

Description

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/graphviz< graphviz 2.26.3-16.1 (bookworm)

▶Debiangraphviz/graphviz< 2.26.3-16.1+3

▶NVDgraphviz/graphviz2.34.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-694q-c7vf-rw87: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan↗2022-05-17

▶

OSV

CVE-2014-1236: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan↗2014-01-10

▶

📋Vendor Advisories

Ubuntu

Graphviz vulnerabilities↗2014-01-16

▶

Red Hat

graphviz: stack-based buffer overflow in chkNum()↗2014-01-08

▶

Debian

CVE-2014-1236: graphviz - Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graph...↗2014

▶

💬Community

Bugzilla

CVE-2014-1236 graphviz: stack-based buffer overflow in chkNum()↗2014-01-09

▶

Bugzilla

CVE-2014-1235 CVE-2014-1236 graphviz: various flaws [fedora-all]↗2014-01-09

▶

Bugzilla

CVE-2014-1235 CVE-2014-1236 graphviz: various flaws [epel-5]↗2014-01-09

▶