CVE-2020-18032 Information

Jun 07, 2022 cve

Description

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \lib/common/shapes.c\ component.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://gitlab.com/graphviz/graphviz/-/issues/1700 https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html https://www.debian.org/security/2021/dsa-4914 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/ https://security.gentoo.org/glsa/202107-04

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: