CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
graphvizgraphviz
𝑥
< 2.42.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphviz
bullseye
2.42.2-5+deb11u1
fixed
bookworm
2.42.2-7+deb12u1
fixed
sid
2.42.4-2
fixed
trixie
2.42.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
utopic
Fixed 2.38.0-5ubuntu0.1
released
trusty
Fixed 2.36.0-0ubuntu3.1
released
precise
Fixed 2.26.3-10ubuntu1.2
released
lucid
Fixed 2.20.2-8ubuntu3.2
released
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0520.html
http://seclists.org/oss-sec/2014/q4/784
http://seclists.org/oss-sec/2014/q4/872
http://secunia.com/advisories/60166
http://www.debian.org/security/2014/dsa-3098
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.securityfocus.com/bid/71283
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
http://advisories.mageia.org/MGASA-2014-0520.html
http://seclists.org/oss-sec/2014/q4/784
http://seclists.org/oss-sec/2014/q4/872
http://secunia.com/advisories/60166
http://www.debian.org/security/2014/dsa-3098
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.securityfocus.com/bid/71283
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081