Graphviz

graphviz

Vendor: Graphviz • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46045 1Graphviz 1Graphviz Nov 4, 2025 Feb 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
CVE-2020-18032 3Debian FedoraprojectGraphviz 3Debian Linux FedoraGraphviz Nov 21, 2024 Apr 29, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into...Show more Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.Show less
CVE-2019-11023 1Graphviz 1Graphviz Jun 17, 2026 Apr 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
CVE-2019-9904 1Graphviz 1Graphviz Jun 17, 2026 Mar 21, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
CVE-2018-10196 3Canonical FedoraprojectGraphviz 3Fedora GraphvizUbuntu Linux Nov 21, 2024 May 30, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted f...Show more NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.Show less
CVE-2014-1235 1Graphviz 1Graphviz May 13, 2026 Aug 7, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability ex...Show more Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.Show less
CVE-2014-9157 2Debian Graphviz 2Debian Linux Graphviz May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in a...Show more Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.Show less
CVE-2014-0978 1Graphviz 1Graphviz Apr 29, 2026 Jan 10, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
CVE-2014-1236 1Graphviz 1Graphviz Apr 29, 2026 Jan 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
CVE-2008-4555 1Graphviz 1Graphviz Apr 23, 2026 Oct 14, 2008 N/A· v4 N/A· v3 8.5 HIGH· v2 Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corrupt...Show more Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.Show less
CVE-2005-4803 1Graphviz 1Graphviz Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 3.6 LOW· v2 graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been us...Show more graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.Show less