#VU36049 Resource exhaustion in graphviz - CVE-2019-9904

 


Published: March 21, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU36049
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9904
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
graphviz
Software vendor:
The Graphviz Project

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.


Remediation

Install the update from the vendor's website.

External links