Your submission was sent successfully! Close

CVE-2008-4555

Published: 14 October 2008

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.

Priority

Low

Status

Package Release Status
graphviz
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Ignored
(reached end-of-life)
intrepid Needed
(reached end-of-life)
jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

upstream
Released (2.20.3)

Notes

AuthorNote
kees
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html

References

Bugs