Lucene search

[email protected]NVD:CVE-2020-18032

HistoryApr 29, 2021 - 6:15 p.m.

CVE-2020-18032

2021-04-2918:15:08

CWE-120

[email protected]

web.nvd.nist.gov

graphviz

buffer overflow

visualization tools

remote attackers

arbitrary code

denial of service

crafted file

component.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.2%

JSON

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the “lib/common/shapes.c” component.

Affected configurations

Nvd

Node

graphvizgraphvizRange<2.46.0

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

VendorProductVersionCPE
graphvizgraphviz*cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
graphviz	graphviz	*	cpe:2.3:a:graphviz:graphviz::::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*