Graphviz: >> Graphviz >> 1.12.2 Security Vulnerabilities
Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.
CVSS Score
8.5
EPSS Score
0.068
Published
2008-10-14
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
CVSS Score
3.6
EPSS Score
0.001
Published
2005-12-31