oss-sec mailing list archives
CVE Request: graphviz: stack-based buffer overflow in yyerror()
From: Ratul Gupta <ratulg () redhat com>
Date: Tue, 07 Jan 2014 12:52:19 +0530
Hello,

Graphviz, a collection of tools for the manipulation and layout of graphs, was recently reported to be affected by a buffer overflow vulnerability.
The vulnerability is caused due to an error within the "yyerror()" function (lib/cgraph/scan.l) and can be exploited to cause a stack-based buffer overflow via a specially crafted file.
Can a CVE please be assigned to this issue?

References:
http://secunia.com/advisories/55666/
https://bugzilla.redhat.com/show_bug.cgi?id=1049165

--
Regards,
Ratul Gupta / Red Hat Security Response Team
Current thread:
- CVE Request: graphviz: stack-based buffer overflow in yyerror() Ratul Gupta (Jan 06)
- Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign (Jan 07)
- Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Sebastian Krahmer (Jan 08)
- Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Russ Allbery (Jan 08)
- Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Emden R. Gansner (Jan 08)
- Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign (Jan 08)
- Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Sebastian Krahmer (Jan 08)
- Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign (Jan 07)