ellson/MOTHBALLED-graphviz

ellson/MOTHBALLED-graphviz

Releases69

Frequency2 weeks 3 days

Last Release over 9 years ago

Stars1.3K

Moved to https://gitlab.com/graphviz/graphviz

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2014-1235 ↗	Aug 7, 2017Monday, 7 August 2017, 20:29	—	6.8 MEDIUM
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
CVE-2014-9157 ↗	Dec 3, 2014Wednesday, 3 December 2014, 21:59	—	7.5 HIGH
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
CVE-2014-0978 ↗	Jan 10, 2014Friday, 10 January 2014, 17:55	—	9.3 HIGH
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
CVE-2014-1236 ↗	Jan 10, 2014Friday, 10 January 2014, 15:55	—	10 HIGH
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."