Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4555

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2008-4555
Last Modified 29 Jan 2009 01:56:46
Published 14 Oct 2008 05:10:35
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4555

Summary

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.

Vulnerable Systems

Application

  • Graphviz 1.10 2003-09-15 0415 1

  • Graphviz 1.10 2003-09-15 0415 2

  • Graphviz 1.12.1

  • Graphviz 1.12.2

  • Graphviz 1.12.3

  • Graphviz 1.14.1

  • Graphviz 1.16.1

  • Graphviz 1.5.1

  • Graphviz 1.5.2

  • Graphviz 1.5.3

  • Graphviz 1.7.16.1

  • Graphviz 1.7.16.2

  • Graphviz 1.7.5 0.1

  • Graphviz 1.7.5 0.2

  • Graphviz 1.7.5 0.3

  • Graphviz 1.7.5.1

  • Graphviz 1.7.5.2

  • Graphviz 1.7.5.3

  • Graphviz 1.7.5.4

  • Graphviz 1.7.5.5

  • Graphviz 1.7.5.6

  • Graphviz 1.7.5.7

  • Graphviz 1.8.5.1

  • Graphviz 1.8.5.2

  • Graphviz 1.8.9.1

  • Graphviz 2.10

  • Graphviz 2.12

  • Graphviz 2.14

  • Graphviz 2.16

  • Graphviz 2.18

  • Graphviz 2.2

  • Graphviz 2.2.1

  • Graphviz 2.2.1.1

  • Graphviz 2.2.2

  • Graphviz 2.20.0

  • Graphviz 2.20.1

  • Graphviz 2.20.2

  • Graphviz 2.4

  • Graphviz 2.6

  • Graphviz 2.8


References

BID - 31648

XF - graphviz-pushsubg-bo(45765)

BUGTRAQ - 20081008 Advisory: Graphviz Buffer Overflow Code Execution

SREASON - 4409

GENTOO - GLSA-200811-04

SECUNIA - 32656

SECUNIA - 32186

MISC - http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html

SUSE - SUSE-SR:2008:023

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=240636


Last Updated: 27 May 2016 10:48:32