9.3

CVE-2014-0978

Exploit
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphvizGraphviz Version2.34.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.89% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/55666
Vendor Advisory
http://secunia.com/advisories/56244
http://www.debian.org/security/2014/dsa-2843
http://www.mandriva.com/security/advisories?name=MDVSA-2014:024
https://security.gentoo.org/glsa/201702-06
http://seclists.org/oss-sec/2014/q1/28
http://seclists.org/oss-sec/2014/q1/38
http://www.securityfocus.com/bid/64674
https://bugs.gentoo.org/show_bug.cgi?id=497274
https://bugzilla.redhat.com/show_bug.cgi?id=1049165
https://exchange.xforce.ibmcloud.com/vulnerabilities/90085
https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
Patch
Exploit