CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
graphvizgraphviz
2.34.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphviz
bullseye
2.42.2-5+deb11u1
fixed
bookworm
2.42.2-7+deb12u1
fixed
sid
2.42.4-2
fixed
trixie
2.42.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
saucy
Fixed 2.26.3-15ubuntu4.1
released
raring
Fixed 2.26.3-14ubuntu1.1
released
quantal
Fixed 2.26.3-12ubuntu1.1
released
precise
Fixed 2.26.3-10ubuntu1.1
released
lucid
Fixed 2.20.2-8ubuntu3.1
released
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q1/28
http://seclists.org/oss-sec/2014/q1/38
http://secunia.com/advisories/55666
http://secunia.com/advisories/56244
http://www.debian.org/security/2014/dsa-2843
http://www.mandriva.com/security/advisories?name=MDVSA-2014:024
http://www.securityfocus.com/bid/64674
https://bugs.gentoo.org/show_bug.cgi?id=497274
https://bugzilla.redhat.com/show_bug.cgi?id=1049165
https://exchange.xforce.ibmcloud.com/vulnerabilities/90085
https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
https://security.gentoo.org/glsa/201702-06
http://seclists.org/oss-sec/2014/q1/28
http://seclists.org/oss-sec/2014/q1/38
http://secunia.com/advisories/55666
http://secunia.com/advisories/56244
http://www.debian.org/security/2014/dsa-2843
http://www.mandriva.com/security/advisories?name=MDVSA-2014:024
http://www.securityfocus.com/bid/64674
https://bugs.gentoo.org/show_bug.cgi?id=497274
https://bugzilla.redhat.com/show_bug.cgi?id=1049165
https://exchange.xforce.ibmcloud.com/vulnerabilities/90085
https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
https://security.gentoo.org/glsa/201702-06