Vulmon
graphviz vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-23352
This affects the package madge prior to 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter, which is executed by the childprocess.exec function when the .image(), .svg() or .dot() functions are called.
Madge Project Madge
8.8
CVSSv3
CVE-2021-21406
Combodo iTop is an open source, web-based IT Service Management tool. In versions before 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing the Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 2.7.5
Combodo Itop 2.7.5-1
8.8
CVSSv3
CVE-2019-11023
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Graphviz Graphviz 2.39.20160612.1140
7.8
CVSSv3
CVE-2023-46045
Graphviz 2.36.0 up to and including 9.x prior to 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
Graphviz Graphviz
7.8
CVSSv3
CVE-2020-18032
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" componen...
Graphviz Graphviz
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.8
CVSSv3
CVE-2014-1235
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-09...
Graphviz Graphviz 2.34.0
6.5
CVSSv3
CVE-2019-9904
An issue exists in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
Graphviz Graphviz 2.40.1
5.5
CVSSv3
CVE-2018-10196
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote malicious users to cause a denial of service (application crash) via a crafted file.
Graphviz Graphviz 2.40.1
Fedoraproject Fedora 27
Fedoraproject Fedora 28
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
NA
CVE-2015-10131
A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be la...
NA
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote malicious users to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Graphviz Graphviz -