CVE-2008-4555
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2008-4555
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-4555.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2008-4555
- Downstream
- Published
- 2008-10-14T21:10:35Z
- Modified
- 2025-08-09T19:01:28Z
- Summary
- [none]
- Details
-
Stack-based buffer overflow in the pushsubg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agrapht elements.
- References
-
- http://secunia.com/advisories/32186
- http://secunia.com/advisories/32656
- http://security.gentoo.org/glsa/glsa-200811-04.xml
- http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html
- http://www.securityfocus.com/bid/31648
- http://bugs.gentoo.org/show_bug.cgi?id=240636
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
- http://securityreason.com/securityalert/4409
- http://www.securityfocus.com/archive/1/497150/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45765