UBUNTU-CVE-2019-9904

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-9904

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9904.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-9904

Upstream

CVE-2019-9904

Published

2019-03-21T18:29:00Z

Modified

2025-07-14T06:34:15.361756Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- low

Summary

[none]

Details

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

References

Affected packages

Ubuntu:Pro:14.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.36.0-0ubuntu3.2+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.26.3-15ubuntu4

2.34.0-0ubuntu4

2.34.0-0ubuntu5

2.36.0-0ubuntu1

2.36.0-0ubuntu2

2.36.0-0ubuntu3

2.36.0-0ubuntu3.1

2.36.0-0ubuntu3.2

2.36.0-0ubuntu3.2+esm1

2.36.0-0ubuntu3.2+esm2

Ubuntu:Pro:16.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2022-01-27?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2022-01-27

Affected versions

2.*

2.38.0-10build1

2.38.0-11

2.38.0-12

2.38.0-12build1

2.38.0-12ubuntu1

2.38.0-12ubuntu2

2.38.0-12ubuntu2.1

2.38.0-12ubuntu2.1+esm1

2.38.0-12ubuntu2.1+esm2

Ubuntu:Pro:18.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.40.1-2ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.38.0-16ubuntu2

2.38.0-18ubuntu1

2.40.1-0ubuntu5

2.40.1-0ubuntu6

2.40.1-2

2.40.1-2ubuntu0.1~esm1

2.40.1-2ubuntu0.1~esm2

Ubuntu:Pro:20.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.42.2-3ubuntu0.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.40.1-7build1

2.40.1-7build2

2.42.2-3

2.42.2-3build1

2.42.2-3build2

2.42.2-3ubuntu0.1~esm1

2.42.2-3ubuntu0.1~esm2

Ubuntu:22.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.42.2-6ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.2-5

2.42.2-5build1

2.42.2-6

2.42.2-6ubuntu0.1

Ubuntu:24.04:LTS / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.42.2-9ubuntu0.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.2-7build3

2.42.2-7build4

2.42.2-8build1

2.42.2-9

2.42.2-9build1

2.42.2-9ubuntu0.1

Ubuntu:25.04 / graphviz

Package

Name: graphviz
Purl: pkg:deb/ubuntu/graphviz@2.42.4-3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.4-2build2

2.42.4-2build3

2.42.4-2build4

2.42.4-3