CVE-2023-46045

EUVD-2023-50306
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
graphvizgraphviz
2.36.0 ≤
𝑥
< 10.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphviz
bookworm
unimportant
bullseye
unimportant
sid
2.42.4-2
fixed
trixie
2.42.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphviz
bionic
Fixed 2.40.1-2ubuntu0.1~esm2
released
focal
Fixed 2.42.2-3ubuntu0.1~esm2
released
jammy
Fixed 2.42.2-6ubuntu0.1+esm1
released
mantic
ignored
noble
needs-triage
oracular
not-affected
trusty
Fixed 2.36.0-0ubuntu3.2+esm2
released
xenial
Fixed 2.38.0-12ubuntu2.1+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
graphviz
suse enterprise desktop 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP7
2.48.0-150400.3.3.1
fixed
graphviz-devel
suse enterprise desktop 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP7
2.48.0-150400.3.3.1
fixed
graphviz-gd
suse enterprise desktop 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP7
2.48.0-150400.3.3.1
fixed
graphviz-plugins-core
suse enterprise desktop 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP7
2.48.0-150400.3.3.1
fixed
libgraphviz6
suse enterprise desktop 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise desktop 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise sap 15 SP7
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP5
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP6
2.48.0-150400.3.3.1
fixed
suse enterprise server 15 SP7
2.48.0-150400.3.3.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
graphviz
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-debugsource
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-devel
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-doc
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-gd
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-gd-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-graphs
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-java
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-java-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-lua
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-lua-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-ocaml
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-ocaml-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-perl
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-perl-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-tcl
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
graphviz-tcl-debuginfo
Amazon Linux 2023
0:2.44.0-25.amzn2023.0.7
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
graphviz
Azure Linux 3.0
0:2.42.4-12.azl3
fixed
CBL-Mariner 2.0
0:2.42.4-10.cm2
fixed