Information on source package graphviz

Available versions

ReleaseVersion
jessie2.38.0-7
stretch2.38.0-17
buster2.40.1-6
bullseye2.42.2-3
sid2.42.2-3

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-9904vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAn issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...
CVE-2018-10196vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNULL pointer dereference vulnerability in the rebuild_vlists function ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-11023vulnerablevulnerablevulnerablevulnerablevulnerableThe agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...

Resolved issues

BugDescription
CVE-2014-9157Format string vulnerability in the yyerror function in lib/cgraph/scan ...
CVE-2014-1236Stack-based buffer overflow in the chkNum function in lib/cgraph/scan. ...
CVE-2014-1235Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34 ...
CVE-2014-0978Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ...
CVE-2009-3736ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...
CVE-2008-4555Stack-based buffer overflow in the push_subg function in parser.y (lib ...
CVE-2005-4803graphviz before 2.2.1 allows local users to overwrite arbitrary files ...

Security announcements

DSA / DLADescription
DSA-3098-1graphviz - security update
DLA-105-1graphviz - security update
DSA-2843-1graphviz - buffer overflow
DSA-2843-1graphviz - buffer overflow
DSA-857-1graphviz - insecure temporary file

Search for package or bug name: Reporting problems