An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
References
Link | Resource |
---|---|
https://gitlab.com/graphviz/graphviz/issues/1512 | Exploit Issue Tracking Third Party Advisory |
https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/ | Exploit Third Party Advisory |
https://security.gentoo.org/glsa/202107-04 | Third Party Advisory |
Configurations
History
01 Feb 2023, 20:28
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://gitlab.com/graphviz/graphviz/issues/1512 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2019-03-21 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9904
Mitre link : CVE-2019-9904
CVE.ORG link : CVE-2019-9904
JSON object : View
Products Affected
graphviz
- graphviz
CWE
CWE-674
Uncontrolled Recursion