CVE-2023-46045

graphviz/graphviz

on gitlab

Published

February 2, 2024

Severity

CVSS v3:

7.8 HIGH

CVSS v2:

N/A

Description

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

References

https://gitlab.com/graphviz/graphviz/-/issues/2441
https://seclists.org/fulldisclosure/2024/Jan/73
https://www.openwall.com/lists/oss-security/2024/02/01/2
http://seclists.org/fulldisclosure/2024/Feb/24
https://seclists.org/fulldisclosure/2024/Feb/24

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:graphviz:graphviz::::::::	2.36.0 (including)	10.0.0	*

External Links

NVD - CVE-2023-46045