CVE-2023-46045 — Out-of-bounds Read in Graphviz

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphviz Debian Graphviz Msrc Azl3 Graphviz 2.42.4-12 ON Azure Linux 3.0 +1 more

Timeline

PublishedFeb 2

Latest updateMar 21

Description

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/graphviz< graphviz 2.42.2-8 (forky)

▶NVDgraphviz/graphviz2.36.0 — 10.0.0

▶Debiangraphviz/graphviz< 2.42.2-8+1

▶msrcmsrc/azl3_graphviz_2.42.4-12_on_azure_linux_3.0

▶msrcmsrc/cbl2_graphviz_2.42.4-10_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2023-46045: Graphviz 2↗2024-02-02

▶

GHSA

GHSA-xpmp-64jj-f5gg: Graphviz 2↗2024-02-02

▶

📋Vendor Advisories

Ubuntu

Graphviz vulnerability↗2024-03-21

▶

Microsoft

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.↗2024-02-13

▶

Debian

CVE-2023-46045: graphviz - Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafte...↗2023

▶