CVE-2014-0978
graphviz - buffer overflow
EPSS 6.5%
Description
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
How to fix CVE-2014-0978
To remediate CVE-2014-0978, upgrade the affected package to a fixed version below.
- Debian/graphviz—upgrade to 2.26.3-16 or later
- Debian/graphviz—upgrade to 2.26.3-5+squeeze2 or later
Is CVE-2014-0978 being exploited?
Moderate — EPSS is 6.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.26.3-16
- from 0, < 2.26.3-5+squeeze2