CVE-2014-9157

描述

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

受影響套件(3)

• Debian/graphvizfrom 0, < 2.38.0-7
• Debian/graphvizfrom 0, < 2.26.3-5+squeeze3
• Debian/graphvizfrom 0, < 2.26.3-14+deb7u2

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9157