Your submission was sent successfully! Close

CVE-2014-9157

Published: 3 December 2014

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

Priority

Medium

Status

Package Release Status
graphviz
Launchpad, Ubuntu, Debian
lucid
Released (2.20.2-8ubuntu3.2)
precise
Released (2.26.3-10ubuntu1.2)
trusty
Released (2.36.0-0ubuntu3.1)
upstream Needs triage

utopic
Released (2.38.0-5ubuntu0.1)