[v2.6] graphviz: format string vulnerability (CVE-2014-9157)
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in an unknown vector, which are not properly handled in an error string.
•MLIST:[oss-security] 20141125 CVE Request: Graphviz format string vuln
•URL: http://seclists.org/oss-sec/2014/q4/784
•MLIST:[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln
•URL: http://seclists.org/oss-sec/2014/q4/872
•CONFIRM: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
•BID:71283
•URL: http://www.securityfocus.com/bid/71283
•SECUNIA:60166
•URL: http://secunia.com/advisories/60166
•XF:graphviz-format-sting(98949)
•URL: http://xforce.iss.net/xforce/xfdb/98949
(from redmine: issue id 3753, created on 2015-01-27, closed on 2017-09-05)
- Relations:
- parent #3752
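
The bug class named in the description, as an added example that is not Graphviz code: a scanner error reporter that embeds input text in its message, shown once with that message used as the format string and once with a constant format. The names `report`, `scan_error_unsafe` and `scan_error_safe` and the sample token are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error sink, standing in for a library's
 * variadic error reporter. Writes the formatted text into out. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern, shown for contrast and never called here: the message
 * contains text taken from the input and is then used as the format,
 * so any '%' in near_text is parsed as a conversion specifier. */
int scan_error_unsafe(char *out, size_t n, const char *near_text)
{
    char msg[256];
    snprintf(msg, sizeof msg, "syntax error near '%s'", near_text);
    return report(out, n, msg);
}

/* Corrected pattern: the format is a constant and the assembled message
 * is passed as data, so '%' sequences in it are copied literally. */
int scan_error_safe(char *out, size_t n, const char *near_text)
{
    char msg[256];
    snprintf(msg, sizeof msg, "syntax error near '%s'", near_text);
    return report(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed sample: a token from an input file that contains '%'. */
    const char *token = "label=100%d%s";
    char out[256];
    scan_error_safe(out, sizeof out, token);
    puts(out);
    return 0;
}
```

Declaring the real reporter with the compiler's printf format attribute lets `-Wformat-security` flag call sites that pass a non-literal format.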