Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
References
Link | Resource |
---|---|
https://gitlab.com/graphviz/graphviz/-/issues/1700 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/ | |
https://security.gentoo.org/glsa/202107-04 | Issue Tracking Third Party Advisory |
https://www.debian.org/security/2021/dsa-4914 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
13 May 2022, 20:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 May 2021, 19:44
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
27 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 May 2021, 19:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
References | (MISC) https://gitlab.com/graphviz/graphviz/-/issues/1700 - Exploit, Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4914 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
14 May 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 May 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-120 | |
References | (MISC) https://gitlab.com/graphviz/graphviz/-/issues/1700 - Exploit, Third Party Advisory |
29 Apr 2021, 18:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-29 18:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-18032
Mitre link : CVE-2020-18032
CVE.ORG link : CVE-2020-18032
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
graphviz
- graphviz
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')