Your submission was sent successfully! Close

USN-5264-1: Graphviz vulnerabilities

3 February 2022

Several security issues were fixed in graphviz.

Releases

Packages

  • graphviz - rich set of graph drawing tools

Details

It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.