Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
References
Link | Resource |
---|---|
http://advisories.mageia.org/MGASA-2014-0520.html | Third Party Advisory |
http://seclists.org/oss-sec/2014/q4/784 | Exploit Mailing List Third Party Advisory |
http://seclists.org/oss-sec/2014/q4/872 | Exploit Mailing List Third Party Advisory |
http://secunia.com/advisories/60166 | Broken Link |
http://www.debian.org/security/2014/dsa-3098 | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 | Broken Link |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 | Broken Link |
http://www.securityfocus.com/bid/71283 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 | Third Party Advisory VDB Entry |
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 | Exploit Third Party Advisory |
Configurations
History
19 Jul 2024, 13:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:* | |
References | () http://advisories.mageia.org/MGASA-2014-0520.html - Third Party Advisory | |
References | () http://seclists.org/oss-sec/2014/q4/784 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/oss-sec/2014/q4/872 - Exploit, Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/60166 - Broken Link | |
References | () http://www.debian.org/security/2014/dsa-3098 - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2014:248 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:187 - Broken Link | |
References | () http://www.securityfocus.com/bid/71283 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/98949 - Third Party Advisory, VDB Entry | |
References | () https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 - Exploit, Third Party Advisory |
Information
Published : 2014-12-03 21:59
Updated : 2024-07-19 13:02
NVD link : CVE-2014-9157
Mitre link : CVE-2014-9157
CVE.ORG link : CVE-2014-9157
JSON object : View
Products Affected
graphviz
- graphviz
debian
- debian_linux
CWE
CWE-134
Use of Externally-Controlled Format String