12 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-1236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors relate...
RHEL 6 : graphviz (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - graphviz: stack-based buffer overflow in chkNum CVE-2014-1236 - graphviz: recursive function call in...
Fedora 19 : graphviz-2.30.1-12.fc19 (2014-0621)
This is an update that fixes CVE-2014-1235 and CVE-2014-1236. This is an update that fixes overflow in yyerror. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it a...
Fedora 20 : graphviz-2.34.0-8.fc20 (2014-0602)
This is an update fixing CVE-2014-1235 and CVE-2014-1236. This is an update that fixes overflow in yyerror. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...
Ubuntu: Security Advisory (USN-2083-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : graphviz vulnerabilities (USN-2083-1)
It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. CVE-2014-0978, CVE-2014-1235 It was discovered that Graphviz...
[SECURITY] [DSA 2843-1] graphviz security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2843-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 13, 2014 http://www.debian.org/security/faq -...
Debian DSA-2843-1 : graphviz - buffer overflow
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-0978 It was discovered that user-supplied input used in the yyerror function in lib/cgraph/scan.l ...
[SECURITY] [DSA 2843-1] graphviz security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2843-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 13, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2843-1] graphviz security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2843-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 13, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2843-1 (graphviz - buffer overflow)
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0978 It was discovered that user-supplied input used in the yyerror function in lib/cgraph/scan.l is...
CVE-2014-1236
Summary (CVE-2014-1236) : Graphviz 2.34.0 is affected by a stack-based buffer overflow in chkNum (lib/cgraph/scan.l) that can be triggered by a badly formed number or long digit list, enabling remote attackers to cause unspecified impact. Connected advisories confirm this vulnerability and note a...