| Release | Version |
|---|---|
| jessie | 2.38.0-7+deb8u1 |
| stretch | 2.38.0-17+deb9u1 |
| buster | 2.40.1-6+deb10u1 |
| bullseye | 2.42.2-5 |
| bookworm | 2.42.2-7 |
| trixie | 2.42.2-8 |
| sid | 2.42.2-9 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46045 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read vi ... |
| CVE-2019-11023 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ... |
| Bug | Description |
|---|---|
| CVE-2020-18032 | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ... |
| CVE-2018-10196 | NULL pointer dereference vulnerability in the rebuild_vlists function ... |
| CVE-2014-9157 | Format string vulnerability in the yyerror function in lib/cgraph/scan ... |
| CVE-2014-1236 | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan. ... |
| CVE-2014-1235 | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34 ... |
| CVE-2014-0978 | Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ... |
| CVE-2009-3736 | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ... |
| CVE-2008-4555 | Stack-based buffer overflow in the push_subg function in parser.y (lib ... |
| CVE-2005-4803 | graphviz before 2.2.1 allows local users to overwrite arbitrary files ... |
| DSA / DLA | Description |
|---|---|
| DLA-2659-1 | graphviz - security update |
| ELA-428-1 | graphviz - security update |
| DSA-4914-1 | graphviz - security update |
| DSA-3098-1 | graphviz - security update |
| DLA-105-1 | graphviz - security update |
| DSA-2843-1 | graphviz - buffer overflow |
| DSA-857-1 | graphviz - insecure temporary file |