NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CPE | Name | Operator | Version |
---|---|---|---|
graphviz | eq | 2.40.1 | |
graphviz | eq | TRAVIS_CI_BUILD_EXPERIMENTAL | |
graphviz | eq | LAST_LIBGRAPH | |
graphviz | eq | 2.38.0 | |
graphviz | eq | 2.40.0 |
bugzilla.redhat.com/show_bug.cgi?id=1579254
gitlab.com/graphviz/graphviz/issues/1367
lists.debian.org/debian-lts-announce/2021/05/msg00014.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/
usn.ubuntu.com/3731-1/