graphviz graphviz - vulnerabilities and exploits
890
VMScore
CVE-2014-1236
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote malicious users to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
Graphviz Graphviz 2.34.0
828
VMScore
CVE-2014-1243
Apple QuickTime prior to 7.7.5 does not initialize an unspecified pointer, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
Apple Quicktime 7.0.0
Apple Quicktime 7.0.1
Apple Quicktime 7.0.2
Apple Quicktime 7.0.3
Apple Quicktime 7.0.4
Apple Quicktime 7.4.0
Apple Quicktime 7.4.1
Apple Quicktime 7.4.5
Apple Quicktime 7.5.0
Apple Quicktime 7.66.71.0
Apple Quicktime 7.67.75.0
Apple Quicktime 7.68.75.0
Apple Quicktime 7.69.80.9
Apple Quicktime
Apple Quicktime 7.1.1
Apple Quicktime 7.1.3
Apple Quicktime 7.2.1
Apple Quicktime 7.3.1
Apple Quicktime 7.6.0
Apple Quicktime 7.6.2
Apple Quicktime 7.62.14.0
Apple Quicktime 7.65.17.80
828
VMScore
CVE-2014-0978
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote malicious users to have unspecified impact via a long line in a dot file.
Graphviz Graphviz 2.34.0
756
VMScore
CVE-2008-4555
Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote malicious users to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a l...
Graphviz Graphviz 2.20.0
Graphviz Graphviz 2.4
Graphviz Graphviz 2.18
Graphviz Graphviz 1.7.5 0.1
Graphviz Graphviz 1.8.9.1
Graphviz Graphviz 2.2.2
Graphviz Graphviz 1.7.5.3
Graphviz Graphviz 1.7.5.4
Graphviz Graphviz 1.14.1
Graphviz Graphviz 1.12.3
Graphviz Graphviz 2.10
Graphviz Graphviz 2.12
Graphviz Graphviz 1.7.5 0.2
Graphviz Graphviz 1.7.5 0.3
Graphviz Graphviz 1.7.5.6
Graphviz Graphviz 1.7.16.1
Graphviz Graphviz 1.10 2003-09-15 0415 2
Graphviz Graphviz 1.10 2003-09-15 0415 1
Graphviz Graphviz 1.5.2
Graphviz Graphviz
Graphviz Graphviz 2.20.1
Graphviz Graphviz 2.14
668
VMScore
CVE-2021-23352
This affects the package madge prior to 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Madge Project Madge
668
VMScore
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote malicious users to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Graphviz Graphviz -
605
VMScore
CVE-2020-18032
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" componen...
Graphviz Graphviz
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
605
VMScore
CVE-2019-11023
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Graphviz Graphviz 2.39.20160612.1140
605
VMScore
CVE-2014-1235
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-09...
Graphviz Graphviz 2.34.0
605
VMScore
CVE-2003-0602
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x prior to 2.16.3 and 2.17.x prior to 2.17.4 allow remote malicious users to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA ...
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1