CVE-2014-9157

EUVD-2014-8982
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
graphvizgraphviz
𝑥
< 2.42.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphviz
bookworm
2.42.2-7+deb12u1
fixed
bullseye
2.42.2-5+deb11u1
fixed
sid
2.42.4-2
fixed
trixie
2.42.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
lucid
Fixed 2.20.2-8ubuntu3.2
released
precise
Fixed 2.26.3-10ubuntu1.2
released
trusty
Fixed 2.36.0-0ubuntu3.1
released
utopic
Fixed 2.38.0-5ubuntu0.1
released
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0520.html
http://seclists.org/oss-sec/2014/q4/784
http://seclists.org/oss-sec/2014/q4/872
http://secunia.com/advisories/60166
http://www.debian.org/security/2014/dsa-3098
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.securityfocus.com/bid/71283
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
http://advisories.mageia.org/MGASA-2014-0520.html
http://seclists.org/oss-sec/2014/q4/784
http://seclists.org/oss-sec/2014/q4/872
http://secunia.com/advisories/60166
http://www.debian.org/security/2014/dsa-3098
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.securityfocus.com/bid/71283
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081