Security Information / 2014 / Security Information -- DSA-2843-1 graphviz

Debian Security Advisory

DSA-2843-1 graphviz -- buffer overflow

Date Reported:

13 Jan 2014

Affected Packages:

graphviz

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 734745.
In Mitre's CVE dictionary: CVE-2014-0978, CVE-2014-1236.

More information:

Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues:

• CVE-2014-0978

  It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bound-checked before beeing copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overlow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.

• CVE-2014-1236

  Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered as the used regular expression accepts an arbitrary long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.26.3-5+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 2.26.3-14+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your graphviz packages.