CVE-2020-18032

🗓️ 29 Apr 2021 17:20:02Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 575 Views

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component

Reporter	Title	Published	Views	Family All 101
Amazon	Medium: graphviz	13 Jul 202100:00	–	amazon
Tenable Nessus	Amazon Linux AMI : graphviz (ALAS-2021-1513)	13 Jul 202100:00	–	nessus
Tenable Nessus	AlmaLinux 8 : graphviz (ALSA-2021:4256)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : graphviz (CESA-2021:4256)	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian DLA-2659-1 : graphviz security update	14 May 202100:00	–	nessus
Tenable Nessus	Debian DSA-4914-1 : graphviz - security update	14 May 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : graphviz (EulerOS-SA-2021-2296)	9 Aug 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2021-2375)	14 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : graphviz (EulerOS-SA-2021-2498)	27 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : graphviz (EulerOS-SA-2021-2528)	27 Sep 202100:00	–	nessus

NVD

Node

graphviz graphvizRange<2.46.0

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Source	Link
gitlab	www.gitlab.com/graphviz/graphviz/-/issues/1700
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/
lists	www.lists.debian.org/debian-lts-announce/2021/05/msg00014.html
security	www.security.gentoo.org/glsa/202107-04
debian	www.debian.org/security/2021/dsa-4914

21 Nov 2024 05:08Current

8High risk

Vulners AI Score8

CVSS 26.8

CVSS 3.17.8

EPSS0.02618

CWE-120