PublicDateAtUSN: 2014-12-03
Candidate: CVE-2014-9157
PublicDate: 2014-12-03 21:59:00 UTC
References:
 http://openwall.com/lists/oss-security/2014/12/09/16
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 https://ubuntu.com/security/notices/USN-2435-1
Description:
 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in
 Graphviz allows remote attackers to have unspecified impact via format
 string specifiers in unknown vectors, which are not properly handled in an
 error string.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Joshua Rogers
Assigned-to:
CVSS:

Patches_graphviz:
 upstream: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
upstream_graphviz: needs-triage
lucid_graphviz: released (2.20.2-8ubuntu3.2)
precise_graphviz: released (2.26.3-10ubuntu1.2)
trusty_graphviz: released (2.36.0-0ubuntu3.1)
trusty/esm_graphviz: released (2.36.0-0ubuntu3.1)
utopic_graphviz: released (2.38.0-5ubuntu0.1)
devel_graphviz: released (2.38.0-6ubuntu1)