MEDIUM6.5
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- https://gitlab.com/graphviz/graphviz/issues/1512
- https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
- https://security.gentoo.org/glsa/202107-04
- https://gitlab.com/graphviz/graphviz/issues/1512
- https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
- https://security.gentoo.org/glsa/202107-04