Hello,

Graphviz, a collection of tools for the manipulation and layout of graphs, was recently reported to be affected by a buffer overflow vulnerability.

The vulnerability is caused due to an error within the "yyerror()" function (lib/cgraph/scan.l) and can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Can a CVE please be assigned to this issue?

References:
http://secunia.com/advisories/55666/
https://bugzilla.redhat.com/show_bug.cgi?id=1049165

--
Regards,

Ratul Gupta / Red Hat Security Response Team