返回 CVE 瀏覽器

CVE-2019-11023

HIGH

8.8

CVSS Severity Score

EPSS Score0.0140%

EPSS Percentile41.42th

Published2019年4月8日

Last Modified2024年11月21日

Vulnerability Description

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

Affected Platforms (CPE)

📦

Graphviz

Graphviz

= 2.39.20160612.1140

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html

🔗 https://gitlab.com/graphviz/graphviz/issues/1517

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/

🔗 https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/

相關漏洞威脅

CVE-2014-123610.0

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspeci...

CVE-2014-09789.3

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspec...

CVE-2021-233528.6

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option paramete...

CVE-2008-45558.5

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier ve...