7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.052 Low
EPSS
Percentile
92.8%
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 7.0 |
advisories.mageia.org/MGASA-2014-0520.html
seclists.org/oss-sec/2014/q4/784
seclists.org/oss-sec/2014/q4/872
secunia.com/advisories/60166
www.debian.org/security/2014/dsa-3098
www.mandriva.com/security/advisories?name=MDVSA-2014:248
www.mandriva.com/security/advisories?name=MDVSA-2015:187
www.securityfocus.com/bid/71283
exchange.xforce.ibmcloud.com/vulnerabilities/98949
github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081