CVE-2019-9904

Published: Mar 21, 2019Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Affected (1)

Products: Graphviz: Graphviz

Graphviz

1 product

Graphviz

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Graphviz Graphviz	Version 2.40.1

Related CWEs

CWE-674

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (6)

https://gitlab.com/graphviz/graphviz/issues/1512

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/

Source: cve@mitre.org

ExploitThird Party Advisory

https://security.gentoo.org/glsa/202107-04

Source: cve@mitre.org

Third Party Advisory

https://gitlab.com/graphviz/graphviz/issues/1512

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://security.gentoo.org/glsa/202107-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.