CVE-2014-9157

EPSS 1.9%

graphviz - security update

Published: 12/3/2014Modified: 4/28/2026

Description

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

Affected packages (3)

Debian/graphvizfrom 0, < 2.38.0-7
Debian/graphvizfrom 0, < 2.26.3-5+squeeze3
Debian/graphvizfrom 0, < 2.26.3-14+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9157