Lucene search
HistoryDec 31, 2005 - 5:00 a.m.
CVE-2005-4803
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
66.0%
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
Affected configurations
Node
graphvizgraphvizRange≤2.2
ORgraphvizgraphvizMatch1.5.1
ORgraphvizgraphvizMatch1.5.2
ORgraphvizgraphvizMatch1.5.3
ORgraphvizgraphvizMatch1.7.5.1
ORgraphvizgraphvizMatch1.7.5.2
ORgraphvizgraphvizMatch1.7.5.3
ORgraphvizgraphvizMatch1.7.5.4
ORgraphvizgraphvizMatch1.7.5.5
ORgraphvizgraphvizMatch1.7.5.6
ORgraphvizgraphvizMatch1.7.5.7
ORgraphvizgraphvizMatch1.7.5_0.1
ORgraphvizgraphvizMatch1.7.5_0.2
ORgraphvizgraphvizMatch1.7.5_0.3
ORgraphvizgraphvizMatch1.7.16.1
ORgraphvizgraphvizMatch1.7.16.2
ORgraphvizgraphvizMatch1.8.5.1
ORgraphvizgraphvizMatch1.8.5.2
ORgraphvizgraphvizMatch1.8.9.1
ORgraphvizgraphvizMatch1.10_2003-09-15_0415_1
ORgraphvizgraphvizMatch1.10_2003-09-15_0415_2
ORgraphvizgraphvizMatch1.12.1
ORgraphvizgraphvizMatch1.12.2
ORgraphvizgraphvizMatch1.12.3
ORgraphvizgraphvizMatch1.14.1
ORgraphvizgraphvizMatch1.16.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| graphviz | graphviz | * | cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.5.1 | cpe:2.3:a:graphviz:graphviz:1.5.1:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.5.2 | cpe:2.3:a:graphviz:graphviz:1.5.2:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.5.3 | cpe:2.3:a:graphviz:graphviz:1.5.3:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.1 | cpe:2.3:a:graphviz:graphviz:1.7.5.1:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.2 | cpe:2.3:a:graphviz:graphviz:1.7.5.2:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.3 | cpe:2.3:a:graphviz:graphviz:1.7.5.3:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.4 | cpe:2.3:a:graphviz:graphviz:1.7.5.4:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.5 | cpe:2.3:a:graphviz:graphviz:1.7.5.5:*:*:*:*:*:*:* |
| graphviz | graphviz | 1.7.5.6 | cpe:2.3:a:graphviz:graphviz:1.7.5.6:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2005-4803
2006-05-17 17:00:00
CVE-2005-2965
2005-10-12 13:04:00
cvelist
cvelist
CVE-2005-4803
2006-05-17 17:00:00
CVE-2005-2965
2005-10-11 04:00:00
ubuntucve
ubuntucve
CVE-2005-4803
2005-12-31 00:00:00
debiancve
debiancve
CVE-2005-4803
2006-05-17 17:00:00
nvd
nvd
CVE-2005-2965
2005-10-12 13:04:00
securityvulns
securityvulns
flexbackup default config insecure temporary file creation
2005-10-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-208-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 857-1 (graphviz)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-857-1)
2008-01-17 00:00:00
ubuntu
ubuntu
graphviz vulnerability
2005-10-17 00:00:00
debian
debian
[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file
2005-10-10 06:43:55
[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file
2005-10-10 06:43:55
nessus
nessus
Ubuntu 5.04 : graphviz vulnerability (USN-208-1)
2006-01-15 00:00:00
Debian DSA-857-1 : graphviz - insecure temporary file
2005-10-11 00:00:00
Mandrake Linux Security Advisory : graphviz (MDKSA-2005:188)
2006-01-15 00:00:00
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
66.0%
Related for NVD:CVE-2005-4803