CVE-2019-9904

EUVD-2019-19259
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
graphvizgraphviz
2.40.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
needs-triage
xenial
deferred
Common Weakness Enumeration
References
https://gitlab.com/graphviz/graphviz/issues/1512
https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
https://security.gentoo.org/glsa/202107-04
https://gitlab.com/graphviz/graphviz/issues/1512
https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
https://security.gentoo.org/glsa/202107-04