CVE-2018-10196

Published: 30 May 2018

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
graphviz
Launchpad, Ubuntu, Debian
Upstream
Released (2.40.1-6)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.40.1-7build1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.40.1-7build1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed