Message-ID: <cdec3664-1981-eb40-283d-3dec9e151f1a@gmail.com>
Date: Wed, 14 Feb 2024 17:25:34 +1100
From: Matthew Fernandez <matthew.fernandez@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file
On 1/27/24 10:15, Matthew Fernandez wrote:
>
> On 1/20/24 15:07, Meng Ruijie wrote:
>> [Vulnerability description]
>> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote
>> attacker to execute arbitrary code via a crafted config6a file.
>>
>> [Vulnerability Type]
>> Buffer Overflow
>
> More specifically, this issue is an out-of-bounds read.
>
>> [Vendor of Product]
>> graphviz
>>
>> [Affected Product Code Base]
>> graphviz - 2.43.0
>
> AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
> in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
> reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
> issue), but there has been no release yet since then. The next release
> will be 10.0.0. So affected versions would be [2.36, 10.0.0).
The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/.
Details of this CVE (CVE-2023-46045) are now published, but the CPEs are
incomplete. For those who track such things, the affected range is
[2.36.0, 10.0.1).
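The affected range above is the practical takeaway for anyone checking deployed systems against CVE-2023-46045 while the CPE data is incomplete. The following is an added example, not code from the message or from the Graphviz project: it parses the version string that `dot -V` prints (the exact wording of that output, and its going to stderr, are assumptions here) and tests it numerically against [2.36.0, 10.0.1). The numeric comparison matters because a naive string comparison orders "10.0.1" before "2.43.0" and would wrongly report the fixed release as vulnerable.

```python
import re
import subprocess

# Affected range for CVE-2023-46045 as stated in the message: [2.36.0, 10.0.1).
AFFECTED_MIN = (2, 36, 0)   # inclusive lower bound
FIXED_IN = (10, 0, 1)       # exclusive upper bound (first fixed release)


def parse_version(text):
    """Extract a numeric (major, minor, patch) tuple from a string.

    Accepts a bare version such as "2.36" as well as a full `dot -V` line
    (assumed format: "dot - graphviz version 2.43.0 (0)").  Missing trailing
    components are treated as 0, so "2.36" compares equal to "2.36.0".
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_affected(version):
    """Return True if `version` (string or tuple) lies in [2.36.0, 10.0.1).

    Components are compared as integers; comparing the raw strings would
    sort "10.0.1" before "2.43.0" and misclassify the fixed release.
    """
    if isinstance(version, str):
        version = parse_version(version)
    return AFFECTED_MIN <= tuple(version) < FIXED_IN


def installed_graphviz_version():
    """Run `dot -V` and parse its output; returns None if dot is not installed.

    Assumption: Graphviz prints the version banner on stderr, so both
    streams are captured and stderr is checked first.
    """
    try:
        proc = subprocess.run(["dot", "-V"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return parse_version(proc.stderr or proc.stdout)


if __name__ == "__main__":
    v = installed_graphviz_version()
    if v is None:
        print("graphviz (dot) not found on PATH")
    else:
        print("installed graphviz", ".".join(map(str, v)),
              "affected by CVE-2023-46045:", is_affected(v))
```

Run it on a host to get a yes/no answer; `is_affected` can also be fed version strings from package inventories or SBOMs directly.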
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/