CVE-2014-0978
Published: 10 January 2014
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
graphviz Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.26.3-16)
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(2.36.0-0ubuntu1)
|
|
|
Patches: Upstream: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | this fix introduced CVE-2014-1235 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0978
- http://seclists.org/oss-sec/2014/q1/28
- https://usn.ubuntu.com/usn/usn-2083-1
- NVD
- Launchpad
- Debian