Graphviz
By the Year
In 2024 there has been 1 vulnerability in Graphviz, with an average score of 7.8 out of ten. Graphviz did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2024 than in all of last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 7.80 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 7.80 |
2020 | 0 | 0.00 |
2019 | 2 | 7.65 |
2018 | 1 | 5.50 |
It may take a day or so for new Graphviz vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Graphviz Security Vulnerabilities
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file
CVE-2023-46045
7.8 - High
- February 02, 2024
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
Out-of-bounds Read
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier
CVE-2020-18032
7.8 - High
- April 29, 2021
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Classic Buffer Overflow
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference
CVE-2019-11023
8.8 - High
- April 08, 2019
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
NULL Pointer Dereference
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1
CVE-2019-9904
6.5 - Medium
- March 21, 2019
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
Stack Exhaustion
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1
CVE-2018-10196
5.5 - Medium
- May 30, 2018
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
NULL Pointer Dereference