CVE-2019-11023

Published: 8 April 2019

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

Priority

Low

CVSS 3 base score: 8.8

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11023
• https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/
• https://ubuntu.com/security/notices/USN-5264-1
• NVD
• Launchpad
• Debian

Bugs

• https://gitlab.com/graphviz/graphviz/issues/1517