Back to search
CVE-2008-4555
Published: Oct 14, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-200811-04
vendor-advisory
x_refsource_GENTOO
32186
third-party-advisory
x_refsource_SECUNIA
graphviz-pushsubg-bo(45765)
vdb-entry
x_refsource_XF
SUSE-SR:2008:023
vendor-advisory
x_refsource_SUSE
31648
vdb-entry
x_refsource_BID
20081008 Advisory: Graphviz Buffer Overflow Code Execution
mailing-list
x_refsource_BUGTRAQ
http://bugs.gentoo.org/show_bug.cgi?id=240636
x_refsource_CONFIRM
4409
third-party-advisory
x_refsource_SREASON
32656
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now