CVE-2014-1236

Priority
Medium
Description
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in
Graphviz 2.34.0 allows remote attackers to have unspecified impact via
vectors related to a "badly formed number" and a "long digit list."
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): released (2.20.2-8ubuntu3.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (2.26.3-10ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal): released (2.26.3-12ubuntu1.1)
Ubuntu 13.04 (Raring Ringtail): released (2.26.3-14ubuntu1.1)
Ubuntu 13.10 (Saucy Salamander): released (2.26.3-15ubuntu4.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (2.36.0-0ubuntu1)
Patches:
Upstream: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
More Information


Updated: 2014-01-16 14:14:41 UTC (commit 7652)