Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 15 Oct 2008 14:06:22 +0200
From: Tomas Hoger <>
Subject: Re: CVE request: graphviz buffer overflow while
 parsinf DOT file

On Wed, 15 Oct 2008 13:59:29 +0200 Thomas Biege <> wrote:

> was a CVE-ID assigned to the following issue already?

Name: CVE-2008-4555
Status: Candidate
Assigned: 20081014
Reference: BUGTRAQ:20081008 Advisory: Graphviz Buffer Overflow Code Execution
Reference: URL:
Reference: MISC:
Reference: CONFIRM:
Reference: BID:31648
Reference: URL:
Reference: SECUNIA:32186
Reference: URL:

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier
versions, allows user-assisted remote attackers to cause a denial of
service (memory corruption) or execute arbitrary code via a DOT file
with a large number of Agraph_t elements.

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.