Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
References
Link | Resource |
---|---|
https://gitlab.com/graphviz/graphviz/-/issues/1700 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/ | |
https://security.gentoo.org/glsa/202107-04 | Issue Tracking Third Party Advisory |
https://www.debian.org/security/2021/dsa-4914 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 May 2022, 20:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 May 2021, 19:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/ - Mailing List, Third Party Advisory |
27 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-04-29 18:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-18032
Mitre link : CVE-2020-18032
CVE.ORG link : CVE-2020-18032
JSON object : View
Products Affected
graphviz
- graphviz
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')