7.5

CVE-2014-9157

Exploit

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

Data is provided by the National Vulnerability Database (NVD)
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
GraphvizGraphviz Version < 2.42.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.9% 0.825
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://seclists.org/oss-sec/2014/q4/784
Third Party Advisory
Exploit
Mailing List
http://seclists.org/oss-sec/2014/q4/872
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/71283
Third Party Advisory
Broken Link
VDB Entry