Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Use of Externally-Controlled Format String The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Products Mentioned
Configuraton 0
Debian>>Debian_linux >> Version 7.0
- Debian>>Debian_linux >> Version 7.0 (Open CPE detail)
Debian>>Debian_linux >> Version 8.0
- Debian>>Debian_linux >> Version 8.0 (Open CPE detail)
Configuraton 0
Graphviz>>Graphviz >> Version To (excluding) 2.42.4
- Graphviz>>Graphviz >> Version - (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.7.3 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.7.4 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.7.5 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.7.6 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.2 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.3 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.4 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.5 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.6 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.7 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.9 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.8.10 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.9 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.10 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.11 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.12 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.14 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.16 (Open CPE detail)
- Graphviz>>Graphviz >> Version 1.18 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.2 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.2.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.4 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.6 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.8 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.10 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.12 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.14 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.14.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.16 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.16.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.18 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.20.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.20.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.20.2 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.22.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.22.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.22.2 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.24.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.26.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.26.3 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.28.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.30.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.30.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.32.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.34.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.36.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.38.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.39.20160612.1140 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.40.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.40.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.42.0 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.42.1 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.42.2 (Open CPE detail)
- Graphviz>>Graphviz >> Version 2.42.3 (Open CPE detail)
References
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
Tags : vendor-advisory, x_refsource_MANDRIVA
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
Tags : vendor-advisory, x_refsource_MANDRIVA
Tags : vendor-advisory, x_refsource_MANDRIVA
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
2025©
tesweb SA
