Vulnerability Details CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://advisories.mageia.org/MGASA-2014-0520.html
- http://seclists.org/oss-sec/2014/q4/784
- http://seclists.org/oss-sec/2014/q4/872
- http://secunia.com/advisories/60166
- http://www.debian.org/security/2014/dsa-3098
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
- http://www.securityfocus.com/bid/71283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
- https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
- http://advisories.mageia.org/MGASA-2014-0520.html
- http://seclists.org/oss-sec/2014/q4/784
- http://seclists.org/oss-sec/2014/q4/872
- http://secunia.com/advisories/60166
- http://www.debian.org/security/2014/dsa-3098
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
- http://www.securityfocus.com/bid/71283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
- https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Products affected by CVE-2014-9157
-
cpe:2.3:a:graphviz:graphviz:-
-
cpe:2.3:a:graphviz:graphviz:1.10
-
cpe:2.3:a:graphviz:graphviz:1.11
-
cpe:2.3:a:graphviz:graphviz:1.12
-
cpe:2.3:a:graphviz:graphviz:1.14
-
cpe:2.3:a:graphviz:graphviz:1.16
-
cpe:2.3:a:graphviz:graphviz:1.18
-
cpe:2.3:a:graphviz:graphviz:1.7.3
-
cpe:2.3:a:graphviz:graphviz:1.7.4
-
cpe:2.3:a:graphviz:graphviz:1.7.5
-
cpe:2.3:a:graphviz:graphviz:1.7.6
-
cpe:2.3:a:graphviz:graphviz:1.8.0
-
cpe:2.3:a:graphviz:graphviz:1.8.1
-
cpe:2.3:a:graphviz:graphviz:1.8.10
-
cpe:2.3:a:graphviz:graphviz:1.8.2
-
cpe:2.3:a:graphviz:graphviz:1.8.3
-
cpe:2.3:a:graphviz:graphviz:1.8.4
-
cpe:2.3:a:graphviz:graphviz:1.8.5
-
cpe:2.3:a:graphviz:graphviz:1.8.6
-
cpe:2.3:a:graphviz:graphviz:1.8.7
-
cpe:2.3:a:graphviz:graphviz:1.8.9
-
cpe:2.3:a:graphviz:graphviz:1.9
-
cpe:2.3:a:graphviz:graphviz:2.0
-
cpe:2.3:a:graphviz:graphviz:2.10
-
cpe:2.3:a:graphviz:graphviz:2.12
-
cpe:2.3:a:graphviz:graphviz:2.14
-
cpe:2.3:a:graphviz:graphviz:2.14.1
-
cpe:2.3:a:graphviz:graphviz:2.16
-
cpe:2.3:a:graphviz:graphviz:2.16.1
-
cpe:2.3:a:graphviz:graphviz:2.18
-
cpe:2.3:a:graphviz:graphviz:2.2
-
cpe:2.3:a:graphviz:graphviz:2.2.1
-
cpe:2.3:a:graphviz:graphviz:2.20.0
-
cpe:2.3:a:graphviz:graphviz:2.20.1
-
cpe:2.3:a:graphviz:graphviz:2.20.2
-
cpe:2.3:a:graphviz:graphviz:2.22.0
-
cpe:2.3:a:graphviz:graphviz:2.22.1
-
cpe:2.3:a:graphviz:graphviz:2.22.2
-
cpe:2.3:a:graphviz:graphviz:2.24.0
-
cpe:2.3:a:graphviz:graphviz:2.26.0
-
cpe:2.3:a:graphviz:graphviz:2.26.3
-
cpe:2.3:a:graphviz:graphviz:2.28.0
-
cpe:2.3:a:graphviz:graphviz:2.30.0
-
cpe:2.3:a:graphviz:graphviz:2.30.1
-
cpe:2.3:a:graphviz:graphviz:2.32.0
-
cpe:2.3:a:graphviz:graphviz:2.34.0
-
cpe:2.3:a:graphviz:graphviz:2.36.0
-
cpe:2.3:a:graphviz:graphviz:2.38.0
-
cpe:2.3:a:graphviz:graphviz:2.39.20160612.1140
-
cpe:2.3:a:graphviz:graphviz:2.4
-
cpe:2.3:a:graphviz:graphviz:2.40.0
-
cpe:2.3:a:graphviz:graphviz:2.40.1
-
cpe:2.3:a:graphviz:graphviz:2.42.0
-
cpe:2.3:a:graphviz:graphviz:2.42.1
-
cpe:2.3:a:graphviz:graphviz:2.42.2
-
cpe:2.3:a:graphviz:graphviz:2.42.3
-
cpe:2.3:a:graphviz:graphviz:2.6
-
cpe:2.3:a:graphviz:graphviz:2.8
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0