Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
graphviz vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-1236
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote malicious users to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
Graphviz Graphviz 2.34.0
9.3
CVSSv2
CVE-2014-1243
Apple QuickTime prior to 7.7.5 does not initialize an unspecified pointer, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
Apple Quicktime 7.0.0
Apple Quicktime 7.0.1
Apple Quicktime 7.0.2
Apple Quicktime 7.0.3
Apple Quicktime 7.0.4
Apple Quicktime 7.4.0
Apple Quicktime 7.4.1
Apple Quicktime 7.4.5
Apple Quicktime 7.5.0
Apple Quicktime 7.66.71.0
Apple Quicktime 7.67.75.0
Apple Quicktime 7.68.75.0
Apple Quicktime 7.69.80.9
Apple Quicktime
Apple Quicktime 7.1.1
Apple Quicktime 7.1.3
Apple Quicktime 7.2.1
Apple Quicktime 7.3.1
Apple Quicktime 7.6.0
Apple Quicktime 7.6.2
Apple Quicktime 7.62.14.0
Apple Quicktime 7.65.17.80
9.3
CVSSv2
CVE-2014-0978
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote malicious users to have unspecified impact via a long line in a dot file.
Graphviz Graphviz 2.34.0
8.5
CVSSv2
CVE-2008-4555
Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote malicious users to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a l...
Graphviz Graphviz 2.20.0
Graphviz Graphviz 2.4
Graphviz Graphviz 2.18
Graphviz Graphviz 1.7.5 0.1
Graphviz Graphviz 1.8.9.1
Graphviz Graphviz 2.2.2
Graphviz Graphviz 1.7.5.3
Graphviz Graphviz 1.7.5.4
Graphviz Graphviz 1.14.1
Graphviz Graphviz 1.12.3
Graphviz Graphviz 2.10
Graphviz Graphviz 2.12
Graphviz Graphviz 1.7.5 0.2
Graphviz Graphviz 1.7.5 0.3
Graphviz Graphviz 1.7.5.6
Graphviz Graphviz 1.7.16.1
Graphviz Graphviz 1.10 2003-09-15 0415 2
Graphviz Graphviz 1.10 2003-09-15 0415 1
Graphviz Graphviz 1.5.2
Graphviz Graphviz
Graphviz Graphviz 2.20.1
Graphviz Graphviz 2.14
7.5
CVSSv2
CVE-2021-23352
This affects the package madge prior to 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Madge Project Madge
7.5
CVSSv2
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote malicious users to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Graphviz Graphviz -
6.8
CVSSv2
CVE-2020-18032
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" componen...
Graphviz Graphviz
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.8
CVSSv2
CVE-2019-11023
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Graphviz Graphviz 2.39.20160612.1140
6.8
CVSSv2
CVE-2014-1235
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-09...
Graphviz Graphviz 2.34.0
6.8
CVSSv2
CVE-2003-0602
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x prior to 2.16.3 and 2.17.x prior to 2.17.4 allow remote malicious users to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA ...
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »