Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-200811-04 Normal: Graphviz Buffer Overflow Alert

gentoo
Calendar Grey November 9, 2008
Dist Gentoo Esm H88
Vulnerability in user-driven code execution for Graphviz on Gentoo Linux disclosed in advisory GLSA 200811-04. Immediate patch recommended.
A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file.

Summary

Gentoo Linux Security Advisory GLSA 200811-04 https://security.gentoo.org/ Severity: Normal Title: Graphviz: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #240636 ID: 200811-04

Synopsis ======= A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file.
Background ========= Graphviz is an open source graph visualization software.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/graphviz < 2.20.3 >= 2.20.3
========== Roee Hay reported a stack-based buffer overflow in the push_subg() function in parser.y when processing a DOT file with a large number of Agraph_t elements.
Impact ====...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update gentoo buffer overflow arbitrary code execution software issue graphviz

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory update gentoo buffer overflow arbitrary code execution software issue graphviz

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here