Vulnerability Details CVE-2020-18032
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://gitlab.com/graphviz/graphviz/-/issues/1700
- https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/
- https://security.gentoo.org/glsa/202107-04
- https://www.debian.org/security/2021/dsa-4914
- https://gitlab.com/graphviz/graphviz/-/issues/1700
- https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/
- https://security.gentoo.org/glsa/202107-04
- https://www.debian.org/security/2021/dsa-4914
Products affected by CVE-2020-18032
-
cpe:2.3:a:graphviz:graphviz:-
-
cpe:2.3:a:graphviz:graphviz:1.10
-
cpe:2.3:a:graphviz:graphviz:1.11
-
cpe:2.3:a:graphviz:graphviz:1.12
-
cpe:2.3:a:graphviz:graphviz:1.14
-
cpe:2.3:a:graphviz:graphviz:1.16
-
cpe:2.3:a:graphviz:graphviz:1.18
-
cpe:2.3:a:graphviz:graphviz:1.7.3
-
cpe:2.3:a:graphviz:graphviz:1.7.4
-
cpe:2.3:a:graphviz:graphviz:1.7.5
-
cpe:2.3:a:graphviz:graphviz:1.7.6
-
cpe:2.3:a:graphviz:graphviz:1.8.0
-
cpe:2.3:a:graphviz:graphviz:1.8.1
-
cpe:2.3:a:graphviz:graphviz:1.8.10
-
cpe:2.3:a:graphviz:graphviz:1.8.2
-
cpe:2.3:a:graphviz:graphviz:1.8.3
-
cpe:2.3:a:graphviz:graphviz:1.8.4
-
cpe:2.3:a:graphviz:graphviz:1.8.5
-
cpe:2.3:a:graphviz:graphviz:1.8.6
-
cpe:2.3:a:graphviz:graphviz:1.8.7
-
cpe:2.3:a:graphviz:graphviz:1.8.9
-
cpe:2.3:a:graphviz:graphviz:1.9
-
cpe:2.3:a:graphviz:graphviz:2.0
-
cpe:2.3:a:graphviz:graphviz:2.10
-
cpe:2.3:a:graphviz:graphviz:2.12
-
cpe:2.3:a:graphviz:graphviz:2.14
-
cpe:2.3:a:graphviz:graphviz:2.14.1
-
cpe:2.3:a:graphviz:graphviz:2.16
-
cpe:2.3:a:graphviz:graphviz:2.16.1
-
cpe:2.3:a:graphviz:graphviz:2.18
-
cpe:2.3:a:graphviz:graphviz:2.2
-
cpe:2.3:a:graphviz:graphviz:2.2.1
-
cpe:2.3:a:graphviz:graphviz:2.20.0
-
cpe:2.3:a:graphviz:graphviz:2.20.1
-
cpe:2.3:a:graphviz:graphviz:2.20.2
-
cpe:2.3:a:graphviz:graphviz:2.22.0
-
cpe:2.3:a:graphviz:graphviz:2.22.1
-
cpe:2.3:a:graphviz:graphviz:2.22.2
-
cpe:2.3:a:graphviz:graphviz:2.24.0
-
cpe:2.3:a:graphviz:graphviz:2.26.0
-
cpe:2.3:a:graphviz:graphviz:2.26.3
-
cpe:2.3:a:graphviz:graphviz:2.28.0
-
cpe:2.3:a:graphviz:graphviz:2.30.0
-
cpe:2.3:a:graphviz:graphviz:2.30.1
-
cpe:2.3:a:graphviz:graphviz:2.32.0
-
cpe:2.3:a:graphviz:graphviz:2.34.0
-
cpe:2.3:a:graphviz:graphviz:2.36.0
-
cpe:2.3:a:graphviz:graphviz:2.38.0
-
cpe:2.3:a:graphviz:graphviz:2.39.20160612.1140
-
cpe:2.3:a:graphviz:graphviz:2.4
-
cpe:2.3:a:graphviz:graphviz:2.40.0
-
cpe:2.3:a:graphviz:graphviz:2.40.1
-
cpe:2.3:a:graphviz:graphviz:2.42.0
-
cpe:2.3:a:graphviz:graphviz:2.42.1
-
cpe:2.3:a:graphviz:graphviz:2.42.2
-
cpe:2.3:a:graphviz:graphviz:2.42.3
-
cpe:2.3:a:graphviz:graphviz:2.42.4
-
cpe:2.3:a:graphviz:graphviz:2.44.0
-
cpe:2.3:a:graphviz:graphviz:2.44.1
-
cpe:2.3:a:graphviz:graphviz:2.6
-
cpe:2.3:a:graphviz:graphviz:2.8
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34