Package graphviz updated to version 2.40.1-alt6 for branch sisyphus in task 227247.

Published: 2018-01-09

BDU:2021-01391

Уязвимость функции rebuild_vlists в lib/dotgen/conc.c библиотеки dotgen ПО для визуализации графиков Graphviz, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

CVE-2018-10196

Published: 2018-05-30
Modified: 2024-11-21

CVE-2018-10196

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

add *.desktop for viewing text/vnd.graphviz

Сломана сборка graphviz

Version: 2.1.2

Package graphviz update in sisyphus on 2019-04-20

ALT-PU-2019-1699-1

Closed vulnerabilities

BDU:2021-01391

CVE-2018-10196

Closed bugs

Bug #27583

Bug #36596