Graphviz

By the Year

In 2024 there has been 1 vulnerability in Graphviz, with an average score of 7.8 out of ten. Graphviz did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2024 than in all of last year.

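| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 5.50 |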

It may take a day or so for new Graphviz vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Graphviz Security Vulnerabilities

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file

CVE-2023-46045 7.8 - High - February 02, 2024

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

Out-of-bounds Read

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier

CVE-2020-18032 7.8 - High - April 29, 2021

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

Classic Buffer Overflow

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference

CVE-2019-11023 8.8 - High - April 08, 2019

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

NULL Pointer Dereference

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1

CVE-2019-9904 6.5 - Medium - March 21, 2019

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Stack Exhaustion

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1

CVE-2018-10196 5.5 - Medium - May 30, 2018

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

NULL Pointer Dereference
