Information on source package graphviz

Available versions

ReleaseVersion
bullseye2.42.2-5+deb11u1
bookworm2.42.2-7+deb12u1
trixie2.42.4-2
sid2.42.4-2

Open unimportant issues

BugbullseyebookwormtrixiesidDescription
CVE-2023-46045vulnerablevulnerablefixedfixedGraphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read vi ...
CVE-2019-11023vulnerablevulnerablevulnerablevulnerableThe agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...

Resolved issues

BugDescription
CVE-2020-18032Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...
CVE-2018-10196NULL pointer dereference vulnerability in the rebuild_vlists function ...
CVE-2014-9157Format string vulnerability in the yyerror function in lib/cgraph/scan ...
CVE-2014-1236Stack-based buffer overflow in the chkNum function in lib/cgraph/scan. ...
CVE-2014-1235Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34 ...
CVE-2014-0978Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ...
CVE-2009-3736ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...
CVE-2008-4555Stack-based buffer overflow in the push_subg function in parser.y (lib ...
CVE-2005-4803graphviz before 2.2.1 allows local users to overwrite arbitrary files ...

Security announcements

DSA / DLADescription
DLA-2659-1graphviz - security update
DSA-4914-1graphviz - security update
DSA-3098-1graphviz - security update
DLA-105-1graphviz - security update
DSA-2843-1graphviz - buffer overflow
DSA-857-1graphviz - insecure temporary file
Search for package or bug name: Reporting problems