CVE-2014-1235
Summary
| CVE | CVE-2014-1235 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-08-07 20:29:00 UTC |
| Updated | 2017-08-29 01:34:00 UTC |
| Description | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Graphviz: Multiple vulnerabilities (GLSA 201702-06) — Gentoo Security | GENTOO | security.gentoo.org | Mitigation, Patch, Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Graphviz 'yyerror()' Function Incomplete Fix Stack Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Prevent possible buffer overflow in yyerror() · ellson/MOTHBALLED-graphviz@d266bb2 · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| 1050871 – (CVE-2014-1235) CVE-2014-1235 graphviz: buffer overflow in yyerror() due to improper fix for CVE-2014-0978 | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| oss-sec: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() | MLIST | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710334 Gentoo Linux Graphviz Multiple Vulnerabilities (GLSA 201702-06)