Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2020-18032

Published: 29/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Graphviz

Vulnerability Summary

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

graphviz graphviz

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: graphviz: CVE-2020-18032
Debian Bug report logs - #988000 graphviz: CVE-2020-18032 Package: src:graphviz; Maintainer for src:graphviz is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 3 May 2021 14:57:01 UTC Severity: important Tags: security, upstream Found in version graphviz/2 ...
Ubuntu Security Notice: USN-5264-1: Graphviz vulnerabilities
Several security issues were fixed in graphviz ...
Debian Security Advisories: DSA-4914-1 graphviz -- security update
A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file For the stable distribution (buster), this problem has been fixed in version 2401-6+deb10u1 We recommend that you upgrade your graphviz packages For the detailed security status of graphviz please ref ...
Amazon Linux AMI: ALAS-2021-1513
A flaw was found in graphviz A wrong assumption in record_init function leads to an off-by-one write in parse_reclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters The highest threat from this vulnerability is to data confidentiality and in ...
Red Hat: CVE-2020-18032
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapesc" component ...

References

CWE-120https://gitlab.com/graphviz/graphviz/-/issues/1700https://lists.debian.org/debian-lts-announce/2021/05/msg00014.htmlhttps://www.debian.org/security/2021/dsa-4914https://security.gentoo.org/glsa/202107-04https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988000https://ubuntu.com/security/notices/USN-5264-1https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4914
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook