oss-sec mailing list archives

CVE request: graphviz buffer overflow while parsinf DOT file

From: Thomas Biege <thomas () suse de>
Date: Wed, 15 Oct 2008 13:59:29 +0200

Hi,
was a CVE-ID assigned to the following issue already?

-------------------------------
The graphviz team has just released a patch to a critical security issue
I reported to them. 

The following is the advisory (also available at
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html):

Background 
==========
Graphviz is an open-source multi-platform graph visualization software. It
takes a description of graphs in a simple text format (DOT language), and
makes diagrams out of it in several useful formats (including SVG).
...
-------------------------------

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming

Current thread:

CVE request: graphviz buffer overflow while parsinf DOT file Thomas Biege (Oct 15)
- Re: CVE request: graphviz buffer overflow while parsinf DOT file Tomas Hoger (Oct 15)