Debian Graphviz vulnerabilities

11 known vulnerabilities affecting debian/graphviz.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, LOW 6

Vulnerabilities

CVE-2023-46045 | LOW | CVSS 7.8 | fixed in graphviz 2.42.2-8 (forky) | 2023
[HIGH] graphviz: Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.42.2-8); sid: resolved (fixed in 2.42.2-8); trixie: resolved (fixed in 2.42.2-8)
debian
CVE-2020-18032 | HIGH | CVSS 7.8 | fixed in graphviz 2.42.2-5 (bookworm) | 2020
[HIGH] graphviz: Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Scope: local. bookworm: resolved (fixed in 2.42.2-5); bullseye: resolved (fixed in 2.42.2-5); forky: resolved (fi
CVE-2019-11023 | LOW | CVSS 8.8 | 2019
[HIGH] graphviz: The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2018-10196 | LOW | CVSS 5.5 | fixed in graphviz 2.40.1-6 (bookworm) | 2018
[MEDIUM] graphviz: NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local. bookworm: resolved (fixed in 2.40.1-6); bullseye: resolved (fixed in 2.40.1-6); forky: resolved (fixed in 2.40.1-6); sid: resolved
CVE-2014-1235 | CRITICAL | CVSS 9.3 | fixed in graphviz 2.26.3-16.1 (bookworm) | 2014
[CRITICAL] graphviz: Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
Scope: local. bookworm: resolved (fixed in 2.26.3-16.1); bullseye: resolved (fixed in 2.26.3-16.1)
CVE-2014-0978 | CRITICAL | CVSS 9.3 | fixed in graphviz 2.26.3-16 (bookworm) | 2014
[CRITICAL] graphviz: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Scope: local. bookworm: resolved (fixed in 2.26.3-16); bullseye: resolved (fixed in 2.26.3-16); forky: resolved (fixed in 2.26.3-16); sid: resolved (fixed in 2.26.3-16); trixie: resolved (fixed in
CVE-2014-1236 | CRITICAL | CVSS 10.0 | fixed in graphviz 2.26.3-16.1 (bookworm) | 2014
[CRITICAL] graphviz: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
Scope: local. bookworm: resolved (fixed in 2.26.3-16.1); bullseye: resolved (fixed in 2.26.3-16.1); forky: resolved (fixed in 2.26.3-16.1); sid: resolved (
CVE-2014-9157 | HIGH | CVSS 7.5 | fixed in graphviz 2.38.0-7 (bookworm) | 2014
[HIGH] graphviz: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Scope: local. bookworm: resolved (fixed in 2.38.0-7); bullseye: resolved (fixed in 2.38.0-7); forky: resolved (fixed in 2.38.0-7); sid: r
CVE-2009-3736 | LOW | CVSS 6.9 | fixed in clamav 0.95+dfsg-1 (bookworm) | 2009
[MEDIUM] bochs: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2008-4555 | LOW | CVSS 8.5 | fixed in graphviz 2.20.2-3 (bookworm) | 2008
[HIGH] graphviz: Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
Scope: local. bookworm: resolved (fixed in 2.20.2-3); bullseye:
CVE-2005-4803 | LOW | CVSS 4.6 | fixed in graphviz 2.2.1-1sarge1 (bookworm) | 2005
[MEDIUM] graphviz: graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
Scope: local. bookworm: resolved (fixed in 2.2.1-1sarge1); bullseye: resolved (fixed