Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 15 Oct 2008 13:59:29 +0200
From: Thomas Biege <thomas@...e.de>
To: coley@...re.org, oss-security@...ts.openwall.com
Subject: CVE request: graphviz buffer overflow while parsinf DOT file

Hi,
was a CVE-ID assigned to the following issue already?

-------------------------------
The graphviz team has just released a patch to a critical security issue
I reported to them. 

The following is the advisory (also available at
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html):

Background 
==========
Graphviz is an open-source multi-platform graph visualization software. It
takes a description of graphs in a simple text format (DOT language), and
makes diagrams out of it in several useful formats (including SVG).
...
-------------------------------

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ