USN-5971-1: Graphviz vulnerabilities
24 March 2023
Several security issues were fixed in graphviz.
Releases
Packages
- graphviz - rich set of graph drawing tools
Details
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file can cause
a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-10196)
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file can cause
a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu
18.04 LTS. (CVE-2019-11023)
It was discovered that graphviz contains a buffer overflow vulnerability.
Exploitation via a specially crafted input file can cause a denial of
service or possibly allow for arbitrary code execution. These issues only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-18032)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
graphviz
-
2.42.2-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
graphviz
-
2.40.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
graphviz
-
2.36.0-0ubuntu3.2+esm1
Available with Ubuntu Pro
The problem can be corrected by updating your system to the following
package versions:
References
Related notices
- USN-5264-1: libgv-guile, libgv-tcl, libcgraph6, libpathplan4, graphviz-doc, libgvc6-plugins-gtk, libgvpr2, libgv-lua, graphviz, libgraphviz-dev, libcdt5, libgv-ruby, libxdot4, libgvc6, libgv-python, graphviz-dev, libgv-perl