[v2.7] graphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)
CVE-2014-0978
It was discovered that user-supplied input used in the yyerror()
function in lib/cgraph/scan.l is not bounds-checked before being
copied into an insufficiently sized memory buffer. A
context-dependent attacker could supply a specially crafted input
file containing a long line to cause a stack-based buffer overflow,
resulting in a denial of service (application crash) or potentially
allowing the execution of arbitrary code.
•MLIST: [oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/28
•MLIST: [oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/38
•MISC: https://bugs.gentoo.org/show_bug.cgi?id=497274
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1049165
•CONFIRM: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
•BID: 64674
•URL: http://www.securityfocus.com/bid/64674
•SECUNIA: 55666
•URL: http://secunia.com/advisories/55666
•XF: graphviz-yyerror-bo(90085)
•URL: http://xforce.iss.net/xforce/xfdb/90085
CVE-2014-1236
Sebastian Krahmer reported an overflow condition in the chkNum()
function in lib/cgraph/scan.l that is triggered because the regular
expression used accepts an arbitrarily long digit list. With a
specially crafted input file, a context-dependent attacker can cause
a stack-based buffer overflow, resulting in a denial of service
(application crash) or potentially allowing the execution of
arbitrary code.
•MLIST: [oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/54
•MLIST: [oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/46
•MLIST: [oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/51
•CONFIRM: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
•SECUNIA: 55666
•URL: http://secunia.com/advisories/55666
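The two defect classes described above (an error reporter that copies the offending input line into a fixed-size buffer, and a number scanner whose pattern accepts a digit run of any length) in bounded form, as an added C illustration that is neither graphviz's code nor the referenced fix commits. ERRBUF_SIZE, MAX_NUMBER_DIGITS, the function names and the 'A'-filled input line are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 1024       /* assumed size of the fixed error-message buffer */
#define MAX_NUMBER_DIGITS 64   /* assumed cap on the digit run accepted as a number */

/* Bounded error reporter that embeds the offending input text in its message.
 * The defect class in the advisory is an unbounded copy of user-controlled
 * text into a fixed-size stack buffer; snprintf() limits the write to outsz
 * and truncates instead.  Returns the number of bytes stored (no terminator). */
size_t format_syntax_error(char *out, size_t outsz, int line, const char *text)
{
    int n;
    if (outsz == 0) return 0;
    n = snprintf(out, outsz, "syntax error in line %d near '%s'\n", line, text);
    if (n < 0) { out[0] = '\0'; return 0; }
    /* snprintf() reports the untruncated length; clamp to what actually fits */
    return (size_t)n >= outsz ? outsz - 1 : (size_t)n;
}

/* Bounded digit-run check.  A pattern like [0-9]+ matches any length, so the
 * length is checked before the digits are copied anywhere.  Returns 1 when s
 * starts with 1..MAX_NUMBER_DIGITS digits, 0 for no digits or an over-long run. */
int number_fits(const char *s)
{
    size_t i = 0;
    while (isdigit((unsigned char)s[i])) {
        if (++i > MAX_NUMBER_DIGITS) return 0;
    }
    return i > 0;
}

/* Demo helper: report a constructed line of textlen 'A' characters into an
 * ERRBUF_SIZE buffer and return the length stored, or (size_t)-1 if the stored
 * string and the reported length disagree (which would indicate an overrun). */
size_t report_constructed_line(size_t textlen)
{
    static char msg[ERRBUF_SIZE];
    static char text[8192];
    size_t n;
    if (textlen >= sizeof text) textlen = sizeof text - 1;
    memset(text, 'A', textlen);
    text[textlen] = '\0';
    n = format_syntax_error(msg, sizeof msg, 3, text);
    return strlen(msg) == n ? n : (size_t)-1;
}
```

A 4096-character line is reported as a message of at most ERRBUF_SIZE - 1 bytes, and a 65-digit run is rejected before any copy takes place.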
(from redmine: issue id 2610, created on 2014-01-15, closed on 2014-02-05)
- Relations:
- parent #2609 (closed)
- Changesets:
- Revision 0881bdc9 by Natanael Copa on 2014-02-05T09:27:13Z:
main/graphviz: security fixes for CVE-2014-0978, CVE-2014-1235, CVE-2014-1236
fixes #2610