Closed
Opened Jan 15, 2014 by Alexander Belous (@belousa)

graphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)

Two buffer overflow vulnerabilities were reported in Graphviz, a rich
collection of graph drawing tools. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2014-0978

It was discovered that user-supplied input used in the yyerror()
function in lib/cgraph/scan.l is not bound-checked before being
copied into an insufficiently sized memory buffer. A
context-dependent attacker could supply a specially crafted input
file containing a long line to cause a stack-based buffer overflow,
resulting in a denial of service (application crash) or potentially
allowing the execution of arbitrary code.

•MLIST:[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/28
•MLIST:[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/38
•MISC: https://bugs.gentoo.org/show_bug.cgi?id=497274
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1049165
•CONFIRM: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
•BID:64674
•URL: http://www.securityfocus.com/bid/64674
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666
•XF:graphviz-yyerror-bo(90085)
•URL: http://xforce.iss.net/xforce/xfdb/90085

CVE-2014-1236

Sebastian Krahmer reported an overflow condition in the chkNum()
function in lib/cgraph/scan.l that is triggered as the used regular
expression accepts an arbitrarily long digit list. With a specially
crafted input file, a context-dependent attacker can cause a
stack-based buffer overflow, resulting in a denial of service
(application crash) or potentially allowing the execution of
arbitrary code.

•MLIST:[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/54
•MLIST:[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/46
•MLIST:[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/51
•CONFIRM: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666

(from redmine: issue id 2609, created on 2014-01-15, closed on 2014-02-07)

  • Relations:
    • child #2610 (closed)
Reference: alpine/aports#2609
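
Both CVE descriptions above come down to scanner text of input-controlled length being placed in a fixed-size stack buffer while a diagnostic is built. The block below is an added example of a bounded formatter for that situation; it is not Graphviz's code or its upstream fix, and `format_diag`, `DIAG_SZ` and the message wording are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIAG_SZ 64  /* assumed buffer size, chosen for this example */

/* The unsafe shape, shown only as a comment:
 *     char buf[DIAG_SZ];
 *     strcpy(buf, msg); strcat(buf, token);   // token length set by the input file
 */

/* Writes "line N: msg near 'token'" into dst, never more than dstsz bytes
 * including the NUL. Over-long token text is cut and marked with "...".
 * Returns the number of token bytes dropped (0 means everything fit). */
static size_t format_diag(char *dst, size_t dstsz, int line,
                          const char *msg, const char *tok, size_t toklen)
{
    int head;
    size_t room, keep;

    if (dstsz == 0)
        return toklen;
    head = snprintf(dst, dstsz, "line %d: %s near '", line, msg);
    if (head < 0) {                            /* formatting failed */
        dst[0] = '\0';
        return toklen;
    }
    if ((size_t)head >= dstsz)                 /* prefix alone filled the buffer */
        return toklen;
    room = dstsz - (size_t)head - 1;           /* bytes left before the NUL */
    if (toklen + 1 <= room) {                  /* token plus closing quote fits */
        snprintf(dst + head, dstsz - (size_t)head, "%.*s'", (int)toklen, tok);
        return 0;
    }
    keep = room >= 4 ? room - 4 : 0;           /* reserve space for "...'" */
    snprintf(dst + head, dstsz - (size_t)head, "%.*s...'", (int)keep, tok);
    return toklen - keep;
}

int main(void)
{
    char buf[DIAG_SZ], tok[4096];
    memset(tok, '7', sizeof tok);              /* constructed over-long digit token */
    size_t lost = format_diag(buf, sizeof buf, 3, "syntax error", tok, sizeof tok);
    printf("%s (dropped %zu bytes)\n", buf, lost);
    return 0;
}
```

The token is passed with an explicit length and printed with a `%.*s` precision, so the formatter never depends on the scanner text being NUL-terminated.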