oss-sec mailing list archives
Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
From: cve-assign () mitre org
Date: Wed, 8 Jan 2014 13:19:21 -0500 (EST)
a sprintf() which is also later removed by commit d266bb2b4154d11c27252b56d86963aef4434750 just for safety reasons.
Use CVE-2014-1235.
chkNum: also looks like a buffer overflow from user input; yet unfixed. (the regex seems to accept an arbitrarily long digit list)
Use CVE-2014-1236.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]