MiracleLinux 8 : graphviz-2.40.1-43.el8 (AXSA:2021-2661:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2661:01 advisory. graphviz: off-by-one in parsereclbl in lib/common/shapes.c CVE-2020-18032 Tenable has extracted the preceding description block directly from the MiracleLinu...

graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c

A flaw was found in graphviz. A wrong assumption in recordinit function leads to an off-by-one write in parsereclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters. The highest threat from...