CVE-2014-6262
HIGH7.5EPSS 19.7%rrdtool - security update
Published: 2/12/2020Modified: 4/28/2026
Description
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
Affected packages (2)
- Debian/rrdtoolfrom 0, < 1.5.4-1
- Debian/rrdtoolfrom 0, < 1.4.8-1.2+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |