PublicDateAtUSN: 2014-01-10
Candidate: CVE-2014-1236
PublicDate: 2014-01-10 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236
 http://seclists.org/oss-sec/2014/q1/46
 https://ubuntu.com/security/notices/USN-2083-1
Description:
 Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in
 Graphviz 2.34.0 allows remote attackers to have unspecified impact via
 vectors related to a "badly formed number" and a "long digit list."
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734745
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_graphviz:
 upstream: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
upstream_graphviz: needs-triage
lucid_graphviz: released (2.20.2-8ubuntu3.1)
precise_graphviz: released (2.26.3-10ubuntu1.1)
quantal_graphviz: released (2.26.3-12ubuntu1.1)
raring_graphviz: released (2.26.3-14ubuntu1.1)
saucy_graphviz: released (2.26.3-15ubuntu4.1)
devel_graphviz: not-affected (2.36.0-0ubuntu1)