Vulnerability CVE-2019-9904


Published: 2019-03-21

Description:
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Graphviz -> Graphviz 

 References:
https://gitlab.com/graphviz/graphviz/issues/1512
https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/

Copyright 2024, cxsecurity.com

 

Back to Top