CVE-2019-9904

graphviz/graphviz

on gitlab

Published

March 21, 2019

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

References

https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
https://gitlab.com/graphviz/graphviz/issues/1512
https://security.gentoo.org/glsa/202107-04

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:graphviz:graphviz:2.40.1:::::::*	n/a	n/a	2.40.1

External Links

NVD - CVE-2019-9904