CVE-2019-9904

NameCVE-2019-9904
DescriptionAn issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphvizsourcewheezy(unfixed)end-of-life

Notes

Does not reproduce with the version of Graphviz in Bullseye, might be bogus
or Windows-specific. Even if applicable to some older release, impact is
negligible anyway
https://gitlab.com/graphviz/graphviz/issues/1512

Search for package or bug name: Reporting problems