USN-5264-1: Graphviz vulnerabilities

Publication date

3 February 2022

Overview

Several security issues were fixed in graphviz.

Releases


Packages

  • graphviz - rich set of graph drawing tools

Details

It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)

It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
16.04 xenial graphviz –  2.38.0-12ubuntu2.1+esm1  
libcdt5 –  2.38.0-12ubuntu2.1+esm1  
libcgraph6 –  2.38.0-12ubuntu2.1+esm1  
libgvc6 –  2.38.0-12ubuntu2.1+esm1  
libgvc6-plugins-gtk –  2.38.0-12ubuntu2.1+esm1  
libgvpr2 –  2.38.0-12ubuntu2.1+esm1  
libpathplan4 –  2.38.0-12ubuntu2.1+esm1  
libxdot4 –  2.38.0-12ubuntu2.1+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›