CVE-2014-1236

Published: 10 January 2014

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

Priority

Status

Package	Release	Status
graphviz Launchpad, Ubuntu, Debian	lucid	Released (2.20.2-8ubuntu3.1)
	precise	Released (2.26.3-10ubuntu1.1)
	quantal	Released (2.26.3-12ubuntu1.1)
	raring	Released (2.26.3-14ubuntu1.1)
	saucy	Released (2.26.3-15ubuntu4.1)
	upstream	Needs triage
	Patches: upstream: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236
http://seclists.org/oss-sec/2014/q1/46
https://ubuntu.com/security/notices/USN-2083-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734745

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›