Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2014-1236

Published: 10/01/2014 Updated: 01/07/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Graphviz

Vulnerability Summary

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote malicious users to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

Vulnerable Product Search on Vulmon Subscribe to Product

graphviz graphviz 2.34.0

Vendor Advisories

Debian CVElist Bug Report Logs: graphviz: Multiple security issues
Debian Bug report logs - #734745 graphviz: Multiple security issues Package: graphviz; Maintainer for graphviz is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for graphviz is src:graphviz (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 9 Jan 2014 14:15:01 UTC Severity: grave T ...
Ubuntu Security Notice: graphviz vulnerabilities
Graphviz could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Security Advisories: DSA-2843-1 graphviz -- buffer overflow
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0978 It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scanl is not bound-checked before beeing copied ...
Amazon Linux AMI: ALAS-2014-296
Stack-based buffer overflow in the chkNum function in lib/cgraph/scanl in Graphviz 2340 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list" Stack-based buffer overflow in the yyerror function in lib/cgraph/scanl in Graphviz 2340 allows remote attackers to have unspecified ...
Amazon Linux AMI: ALAS-2014-297
Stack-based buffer overflow in the chkNum function in lib/cgraph/scanl in Graphviz 2340 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list" Stack-based buffer overflow in the yyerror function in lib/cgraph/scanl in Graphviz 2340 allows remote attackers to have unspecified ...
Red Hat: CVE-2014-1236
Stack-based buffer overflow in the chkNum function in lib/cgraph/scanl in Graphviz 2340 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list" ...

References

CWE-119http://seclists.org/oss-sec/2014/q1/54http://seclists.org/oss-sec/2014/q1/46http://secunia.com/advisories/55666https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ffhttp://seclists.org/oss-sec/2014/q1/51http://secunia.com/advisories/56244http://www.debian.org/security/2014/dsa-2843http://www.securityfocus.com/bid/64737http://www.mandriva.com/security/advisories?name=MDVSA-2014:024https://bugzilla.redhat.com/show_bug.cgi?id=1050872http://osvdb.org/101851https://security.gentoo.org/glsa/201702-06https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734745https://usn.ubuntu.com/2083-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-1236
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook