Published: 22 December 2018
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.
From the Ubuntu security team
It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service (crash).
CVSS 3 base score: 6.5
Launchpad, Ubuntu, Debian
|Ubuntu 20.10 (Groovy Gorilla)||
|Ubuntu 20.04 LTS (Focal Fossa)||
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was needs-triage)