Published: 21/03/2019 Updated: 01/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
graphviz graphviz 2.40.1

Debian Bug report logs - #925284 graphviz: CVE-2019-9904 Package: src:graphviz; Maintainer for src:graphviz is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 22 Mar 2019 13:15:02 UTC Severity: normal Tags: security, upstream Found in version graphviz/240 ...

Impact: Moderate Public Date: 2019-03-16 CWE: CWE-400 Bugzilla: 1691717: CVE-2019-9904 graphviz: recurs ...

CWE-674 https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/https://gitlab.com/graphviz/graphviz/issues/1512 https://security.gentoo.org/glsa/202107-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925284 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-9904

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9904

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect