CVE-2014-1236

Published: 10 January 2014

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

Priority

Status

Package	Release	Status
graphviz Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (2.36.0-0ubuntu1)
	Patches: Upstream: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236
http://seclists.org/oss-sec/2014/q1/46
https://usn.ubuntu.com/usn/usn-2083-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734745

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM