USN-5264-1: Graphviz vulnerabilities
3 February 2022
Several security issues were fixed in graphviz.
Releases
Packages
- graphviz - rich set of graph drawing tools
Details
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)
It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
graphviz
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libcdt5
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libcgraph6
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libgvc6
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libgvc6-plugins-gtk
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libgvpr2
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libpathplan4
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
-
libxdot4
-
2.38.0-12ubuntu2.1+esm1
Available with UA Infra or UA Desktop
In general, a standard system update will make all the necessary changes.