7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Joshua Rogers discovered a format string vulnerability in the yyerror
function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing
tools. An attacker could use this flaw to cause graphviz to crash or
possibly execute arbitrary code.
For Debian 6 Squeeze, these issues have been fixed in graphviz version 2.26.3-5+squeeze3
CPE | Name | Operator | Version |
---|---|---|---|
graphviz | eq | 2.26.3-5+squeeze2 | |
graphviz | eq | 2.26.3-5 | |
graphviz | eq | 2.26.3-5+squeeze1 | |
graphviz | eq | 2.26.3-5+hurd.1 |