CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
graphvizgraphviz
𝑥
< 2.42.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphviz
bookworm
2.42.2-7+deb12u1
fixed
bullseye
2.42.2-5+deb11u1
fixed
sid
2.42.4-2
fixed
trixie
2.42.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
lucid
Fixed 2.20.2-8ubuntu3.2
released
precise
Fixed 2.26.3-10ubuntu1.2
released
trusty
Fixed 2.36.0-0ubuntu3.1
released
utopic
Fixed 2.38.0-5ubuntu0.1
released
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
graphviz
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-R
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-debuginfo
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-devel
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-doc
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-gd
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-graphs
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-guile
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-java
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-lua
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-perl
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-php
Amazon Linux 1
0:2.38.0-18.40.amzn1
fixed
graphviz-php54
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-python
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-ruby
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed
graphviz-tcl
Amazon Linux 1
0:2.38.0-18.44.amzn1
fixed