CVE-2014-1236

Description

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

How to fix CVE-2014-1236

To remediate CVE-2014-1236, upgrade the affected package to a fixed version below.

• Debian/graphviz—upgrade to 2.26.3-16.1 or later

Is CVE-2014-1236 being exploited?

Moderate — EPSS is 7.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.26.3-16.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-1236