Lucene search

[email protected]NVD:CVE-2014-0978

HistoryJan 10, 2014 - 5:55 p.m.

CVE-2014-0978

2014-01-1017:55:03

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

Affected configurations

NVD

Node

graphvizgraphvizMatch2.34.0

References

seclists.org/oss-sec/2014/q1/28

seclists.org/oss-sec/2014/q1/38

secunia.com/advisories/55666

secunia.com/advisories/56244

www.debian.org/security/2014/dsa-2843

www.mandriva.com/security/advisories?name=MDVSA-2014:024

www.securityfocus.com/bid/64674

bugs.gentoo.org/show_bug.cgi?id=497274

bugzilla.redhat.com/show_bug.cgi?id=1049165

exchange.xforce.ibmcloud.com/vulnerabilities/90085

github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a

security.gentoo.org/glsa/201702-06

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for NVD:CVE-2014-0978

nessus11 amazon4 prion2 openvas15 debiancve2 cvelist2 cve2 debian2 ubuntucve2 osv1 nvd1 mageia1 securityvulns2 fedora4 gentoo1 ubuntu1