CVE-2014-1235

Published: 08 January 2014

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: graphviz (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Needs triage
Ubuntu 14.04 ESM (Trusty Tahr)   Not vulnerable (2.36.0-0ubuntu1)

Patches:
Upstream: https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750