CVE-2014-9157
graphviz - security update
EPSS 1.9%
Description
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
How to fix CVE-2014-9157
To remediate CVE-2014-9157, upgrade the affected package to a fixed version below.
- Debian/graphviz—upgrade to 2.38.0-7 or later
- Debian/graphviz—upgrade to 2.26.3-5+squeeze3 or later
- Debian/graphviz—upgrade to 2.26.3-14+deb7u2 or later
Is CVE-2014-9157 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/graphviz: from 0, < 2.38.0-7
- Debian/graphviz: from 0, < 2.26.3-5+squeeze3
- Debian/graphviz: from 0, < 2.26.3-14+deb7u2