CVE-2014-0978

Priority
Medium
Description
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in
Graphviz 2.34.0 allows remote attackers to have unspecified impact via a
long line in a dot file.
References
Bugs
Notes
mdeslaur> this fix introduced CVE-2014-1235
Assigned-to
mdeslaur
Package
Upstream: released (2.26.3-16)
Ubuntu 10.04 LTS (Lucid Lynx): released (2.20.2-8ubuntu3.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (2.26.3-10ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal): released (2.26.3-12ubuntu1.1)
Ubuntu 13.04 (Raring Ringtail): released (2.26.3-14ubuntu1.1)
Ubuntu 13.10 (Saucy Salamander): released (2.26.3-15ubuntu4.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (2.36.0-0ubuntu1)
Patches:
Upstream: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
More Information


Updated: 2014-01-16 14:14:40 UTC (commit 7652)