graphviz
Page content
- Author: Miklos Vajna
- Vulnerable: 2.20.2-1
- Unaffected: 2.20.3-1solaria1
Roee Hay has discovered a vulnerability in Graphviz, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “push_subg()” function in lib/graph/parser.c, which can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. tricking a user into processing a specially crafted dot file.
- Bug Tracker URL: http://bugs.frugalware.org/task/3413