DebianDEBIAN:DLA-105-1:8A657[SECURITY] [DLA 105-1] graphviz security update
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.052 Low
EPSS
Percentile
93.0%
Package : graphviz
Version : 2.26.3-5+squeeze3
CVE ID : CVE-2014-9157
Debian Bug : 772648
Joshua Rogers discovered a format string vulnerability in the yyerror
function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing
tools. An attacker could use this flaw to cause graphviz to crash or
possibly execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | libgv-ocaml | < 2.26.3-5+squeeze3 | libgv-ocaml_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libcgraph5 | < 2.26.3-5+squeeze3 | libcgraph5_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libpathplan4 | < 2.26.3-5+squeeze3 | libpathplan4_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libgv-ruby | < 2.26.3-5+squeeze3 | libgv-ruby_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libgv-guile | < 2.26.3-5+squeeze3 | libgv-guile_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libgv-python | < 2.26.3-5+squeeze3 | libgv-python_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libcdt4 | < 2.26.3-5+squeeze3 | libcdt4_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | graphviz-dev | < 2.26.3-5+squeeze3 | graphviz-dev_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libgv-php5 | < 2.26.3-5+squeeze3 | libgv-php5_2.26.3-5+squeeze3_all.deb |
| Debian | 6 | all | libgvc5-plugins-gtk | < 2.26.3-5+squeeze3 | libgvc5-plugins-gtk_2.26.3-5+squeeze3_all.deb |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.052 Low
EPSS
Percentile
93.0%