List: full-disclosure
Subject: Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file
From: Matthew Fernandez <matthew.fernandez () gmail ! com>
Date: 2024-02-14 6:25:34
Message-ID: cdec3664-1981-eb40-283d-3dec9e151f1a () gmail ! com
On 1/27/24 10:15, Matthew Fernandez wrote:
>
>
> On 1/20/24 15:07, Meng Ruijie wrote:
>> [Vulnerability description]
>> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote
>> attacker to execute arbitrary code via a crafted config6a file.
>>
>> [Vulnerability Type]
>> Buffer Overflow
>
> More specifically, this issue is an out-of-bounds read.
>
>> [Vendor of Product]
>> graphviz
>>
>> [Affected Product Code Base]
>> graphviz - 2.43.0
>
> AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
> in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
> reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
> issue), but there has been no release yet since then. The next release
> will be 10.0.0. So affected versions would be [2.36, 10.0.0).

The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/.

Details of this CVE (CVE-2023-46045) are now published, but the CPEs are
incomplete. For those who track such things, the affected range is
[2.36.0, 10.0.1).
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
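
An added example, not part of the original message and not Graphviz code: since the message notes that the published CPEs are incomplete, an inventory can be checked directly against the half-open range [2.36.0, 10.0.1) it gives. The host names, build stamps and the `triage` helper are constructed for illustration; the banner strings follow the style printed by `dot -V`.

```python
import re

# Affected range as stated in the message above: [2.36.0, 10.0.1), half-open.
AFFECTED_FROM = (2, 36, 0)
FIXED_IN = (10, 0, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a bare version or a `dot -V` style banner.

    A missing patch component ("2.36") is read as 0. Anything after the
    numeric triple (build stamps, "~dev" suffixes) is ignored, which is an
    assumption of this sketch, not Graphviz policy.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(text):
    """True when the version lies in [2.36.0, 10.0.1)."""
    return AFFECTED_FROM <= parse_version(text) < FIXED_IN


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "affected" if is_affected(reported) else "not affected"
        except ValueError:
            result[host] = "unknown"  # needs a manual look, never assume safe
    return result


# Constructed sample inventory (host names and build stamps are made up).
SAMPLE_INVENTORY = {
    "build-01": "dot - graphviz version 2.43.0 (0)",
    "docs-02": "dot - graphviz version 10.0.1 (20240210.2158)",
    "ci-03": "2.36",
    "legacy-04": "2.34.0",
    "dev-05": "10.0.0",
    "kiosk-06": "command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Note that 10.0.0 is reported as affected, because the fix landed in 10.0.1 rather than in the release first expected to carry it.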