Stack-based buffer overflow in the “yyerror” function in Graphviz 2.34.0
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted file. NOTE: This vulnerability
exists due to an incomplete fix for CVE-2014-0978.
Author | Note |
---|---|
mdeslaur | introduced by patch for CVE-2014-0978 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | graphviz | < 2.20.2-8ubuntu3.1 | UNKNOWN |
ubuntu | 12.04 | noarch | graphviz | < 2.26.3-10ubuntu1.1 | UNKNOWN |
ubuntu | 12.10 | noarch | graphviz | < 2.26.3-12ubuntu1.1 | UNKNOWN |
ubuntu | 13.04 | noarch | graphviz | < 2.26.3-14ubuntu1.1 | UNKNOWN |
ubuntu | 13.10 | noarch | graphviz | < 2.26.3-15ubuntu4.1 | UNKNOWN |