CVE-2014-9157

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-9157

Severity

Unknown

Description

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

References

https://images.chainguard.dev/security/CGA-fv5v-h7cc-fw7v
https://github.com/advisories/GHSA-h5f2-wwmp-f73m
http://advisories.mageia.org/MGASA-2014-0520.html
http://secunia.com/advisories/60166
http://www.debian.org/security/2014/dsa-3098
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.securityfocus.com/bid/71283
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
http://seclists.org/oss-sec/2014/q4/784
http://seclists.org/oss-sec/2014/q4/872
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
https://security-tracker.debian.org/tracker/CVE-2014-9157

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2014-9157

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources