Computer Security
[EN] securityvulns.ru no-pyccku


Graphviz array index overflow
Published:10.11.2008
Source:
SecurityVulns ID:9412
Type:local
Threat Level:
5/10
Description:Array index overflow on DOT file with large number of Agraph_t elements.
Affected:GRAPHVIZ : graphviz 2.20
CVE:CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.)
Original documentdocumentGENTOO, [ GLSA 200811-04 ] Graphviz: User-assisted execution of arbitrary code (10.11.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod