oss-sec mailing list archives

Re: CVE request: graphviz buffer overflow while parsinf DOT file

From: Tomas Hoger <thoger () redhat com>
Date: Wed, 15 Oct 2008 14:06:22 +0200

On Wed, 15 Oct 2008 13:59:29 +0200 Thomas Biege <thomas () suse de> wrote:

was a CVE-ID assigned to the following issue already?


Name: CVE-2008-4555
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20081014
Category: 
Reference: BUGTRAQ:20081008 Advisory: Graphviz Buffer Overflow Code Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/497150/100/0/threaded
Reference: MISC:http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=240636
Reference: BID:31648
Reference: URL:http://www.securityfocus.com/bid/31648
Reference: SECUNIA:32186
Reference: URL:http://secunia.com/advisories/32186

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier
versions, allows user-assisted remote attackers to cause a denial of
service (memory corruption) or execute arbitrary code via a DOT file
with a large number of Agraph_t elements.

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

CVE request: graphviz buffer overflow while parsinf DOT file Thomas Biege (Oct 15)
- Re: CVE request: graphviz buffer overflow while parsinf DOT file Tomas Hoger (Oct 15)