It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "graphviz", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "graphviz-dev", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "graphviz-doc", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libcdt5", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libcgraph6", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgraphviz-dev", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-guile", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-lua", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-perl", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-php5", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-python", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-ruby", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgv-tcl", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgvc6", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgvc6-plugins-gtk", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libgvpr2", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libpathplan4", "binary_version": "2.36.0-0ubuntu3.1" }, { "binary_name": "libxdot4", "binary_version": "2.36.0-0ubuntu3.1" } ] }