CVE-2018-10196

Published: 30 May 2018

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
graphviz Launchpad, Ubuntu, Debian	Upstream	Released (2.40.1-6)

	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (2.40.1-7build1)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (2.40.1-7build1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Needed
	Ubuntu 16.04 ESM (Xenial Xerus)	Needed
	Ubuntu 14.04 ESM (Trusty Tahr)	Needed

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10196
NVD
Launchpad
Debian

Bugs

https://gitlab.com/graphviz/graphviz/issues/1367
https://issuetracker.google.com/issues/77810342
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898841

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›