Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: graphviz: stack-based buffer overflow in yyerror()
From: Ratul Gupta <ratulg () redhat com>
Date: Tue, 07 Jan 2014 12:52:19 +0530

Hello,

Graphviz, a collection of tools for the manipulation and layout of graphs, was recently reported to be affected by a buffer overflow vulnerability.

The vulnerability is caused due to an error within the "yyerror()" function (lib/cgraph/scan.l) and can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Can a CVE please be assigned to this issue?

References:
http://secunia.com/advisories/55666/
https://bugzilla.redhat.com/show_bug.cgi?id=1049165

--
Regards,

Ratul Gupta / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]