Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote malicious users to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
graphviz graphviz 2.20.0 |
||
graphviz graphviz 2.4 |
||
graphviz graphviz 2.18 |
||
graphviz graphviz 1.7.5_0.1 |
||
graphviz graphviz 1.8.9.1 |
||
graphviz graphviz 2.2.2 |
||
graphviz graphviz 1.7.5.3 |
||
graphviz graphviz 1.7.5.4 |
||
graphviz graphviz 1.14.1 |
||
graphviz graphviz 1.12.3 |
||
graphviz graphviz 2.10 |
||
graphviz graphviz 2.12 |
||
graphviz graphviz 1.7.5_0.2 |
||
graphviz graphviz 1.7.5_0.3 |
||
graphviz graphviz 1.7.5.6 |
||
graphviz graphviz 1.7.16.1 |
||
graphviz graphviz 1.10_2003-09-15_0415_2 |
||
graphviz graphviz 1.10_2003-09-15_0415_1 |
||
graphviz graphviz 1.5.2 |
||
graphviz graphviz |
||
graphviz graphviz 2.20.1 |
||
graphviz graphviz 2.14 |
||
graphviz graphviz 2.16 |
||
graphviz graphviz 2.2.1.1 |
||
graphviz graphviz 2.2.1 |
||
graphviz graphviz 2.2 |
||
graphviz graphviz 1.7.16.2 |
||
graphviz graphviz 1.5.3 |
||
graphviz graphviz 1.12.2 |
||
graphviz graphviz 1.12.1 |
||
graphviz graphviz 2.6 |
||
graphviz graphviz 2.8 |
||
graphviz graphviz 1.8.5.1 |
||
graphviz graphviz 1.8.5.2 |
||
graphviz graphviz 1.7.5.7 |
||
graphviz graphviz 1.7.5.5 |
||
graphviz graphviz 1.7.5.1 |
||
graphviz graphviz 1.7.5.2 |
||
graphviz graphviz 1.5.1 |
||
graphviz graphviz 1.16.1 |
Vulmon