QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1235

Published: Aug 7, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()

mailing-list

x_refsource_MLIST

https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750

x_refsource_CONFIRM

graphviz-cve20141235-bo(90198)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1050871

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.