mailing list archives
CVE Request: graphviz: stack-based buffer overflow in yyerror()
From: Ratul Gupta <ratulg () redhat com>
Date: Tue, 07 Jan 2014 12:52:19 +0530
Graphviz, a collection of tools for the manipulation and layout of
graphs, was recently reported to be affected by a buffer overflow
The vulnerability is caused due to an error within the "yyerror()"
function (lib/cgraph/scan.l) and can be exploited to cause a stack-based
buffer overflow via a specially crafted file.
Can a CVE please be assigned to this issue?
Ratul Gupta / Red Hat Security Response Team
- CVE Request: graphviz: stack-based buffer overflow in yyerror() Ratul Gupta (Jan 07)