GraphViz 1.8.4

CPE Details

GraphViz 1.8.4
graphviz
graphviz
1.8.4
2021-05-17
17h45 +00:00
2021-05-18
17h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:graphviz:graphviz:1.8.4:*:*:*:*:*:*:*

Informations

Vendor

graphviz

Product

graphviz

Version

1.8.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-18032 2021-04-29 15h20 +00:00 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
7.8
High
CVE-2014-9157 2014-12-03 20h00 +00:00 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
7.5
CVE-2008-4555 2008-10-14 18h00 +00:00 Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
8.5
CVE-2005-4803 2006-05-17 15h00 +00:00 graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
3.6