Debian Security Advisory
DSA-2843-1 graphviz -- buffer overflow
- Date Reported:
- 13 Jan 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 734745.
In Mitre's CVE dictionary: CVE-2014-0978, CVE-2014-1236.
- More information:
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues:
It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bound-checked before beeing copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overlow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered as the used regular expression accepts an arbitrary long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
For the oldstable distribution (squeeze), these problems have been fixed in version 2.26.3-5+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 2.26.3-14+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your graphviz packages.