Graphviz


By the Year

In 2025 there have been 0 vulnerabilities in Graphviz. Last year, in 2024, Graphviz had 1 security vulnerability published. Right now, Graphviz is on track to have fewer security vulnerabilities in 2025 than it did last year.




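| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 5.50 |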

It may take a day or so for new Graphviz vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Graphviz Security Vulnerabilities

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file

CVE-2023-46045 7.8 - High - February 02, 2024

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

Out-of-bounds Read

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier

CVE-2020-18032 7.8 - High - April 29, 2021

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

Classic Buffer Overflow

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference

CVE-2019-11023 8.8 - High - April 08, 2019

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

NULL Pointer Dereference

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1

CVE-2019-9904 6.5 - Medium - March 21, 2019

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Stack Exhaustion

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1

CVE-2018-10196 5.5 - Medium - May 30, 2018

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

NULL Pointer Dereference

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz

CVE-2014-9157 - December 03, 2014

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

Use of Externally-Controlled Format String
