Skip to main content

Graphviz

7 CVEs product

Monthly

CVE-2019-11023 HIGH POC This Week

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Graphviz
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2019-9904 MEDIUM POC This Month

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphviz
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-10196 MEDIUM PATCH This Month

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Graphviz Fedora Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2014-1235 HIGH PATCH This Week

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Graphviz
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2014-9157 HIGH POC PATCH This Week

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Graphviz
NVD GitHub
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-0978 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub
CVSS 2.0
9.3
EPSS
6.5%
CVE-2014-1236 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub
CVSS 2.0
10.0
EPSS
7.9%
EPSS 5% CVSS 8.8
HIGH POC This Week

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Graphviz
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphviz
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Graphviz +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Graphviz
NVD GitHub
EPSS 7% CVSS 9.3
CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub
EPSS 8% CVSS 10.0
CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy