cpe:/a:graphviz:graphviz:1.5.1 cpe:/a:graphviz:graphviz:1.5.2 cpe:/a:graphviz:graphviz:1.5.3 cpe:/a:graphviz:graphviz:1.7.5.1 cpe:/a:graphviz:graphviz:1.7.5.2 cpe:/a:graphviz:graphviz:1.7.5.3 cpe:/a:graphviz:graphviz:1.7.5.4 cpe:/a:graphviz:graphviz:1.7.5.5 cpe:/a:graphviz:graphviz:1.7.5.6 cpe:/a:graphviz:graphviz:1.7.5.7 cpe:/a:graphviz:graphviz:1.7.5_0.1 cpe:/a:graphviz:graphviz:1.7.5_0.2 cpe:/a:graphviz:graphviz:1.7.5_0.3 cpe:/a:graphviz:graphviz:1.7.16.1 cpe:/a:graphviz:graphviz:1.7.16.2 cpe:/a:graphviz:graphviz:1.8.5.1 cpe:/a:graphviz:graphviz:1.8.5.2 cpe:/a:graphviz:graphviz:1.8.9.1 cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_1 cpe:/a:graphviz:graphviz:1.10_2003-09-15_0415_2 cpe:/a:graphviz:graphviz:1.12.1 cpe:/a:graphviz:graphviz:1.12.2 cpe:/a:graphviz:graphviz:1.12.3 cpe:/a:graphviz:graphviz:1.14.1 cpe:/a:graphviz:graphviz:1.16.1 cpe:/a:graphviz:graphviz:2.2 cpe:/a:graphviz:graphviz:2.2.1 cpe:/a:graphviz:graphviz:2.2.1.1 cpe:/a:graphviz:graphviz:2.2.2 cpe:/a:graphviz:graphviz:2.4 cpe:/a:graphviz:graphviz:2.6 cpe:/a:graphviz:graphviz:2.8 cpe:/a:graphviz:graphviz:2.10 cpe:/a:graphviz:graphviz:2.12 cpe:/a:graphviz:graphviz:2.14 cpe:/a:graphviz:graphviz:2.16 cpe:/a:graphviz:graphviz:2.18 cpe:/a:graphviz:graphviz:2.20.0 cpe:/a:graphviz:graphviz:2.20.1 cpe:/a:graphviz:graphviz:2.20.2 CVE-2008-4555 2008-10-14T17:10:35.770-04:00 2017-08-07T21:32:44.657-04:00 8.5 NETWORK MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-10-15T10:57:00.000-04:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20081008 Advisory: Graphviz Buffer Overflow Code Execution BID 31648 SECUNIA 32186 SECUNIA 32656 SREASON 4409 GENTOO GLSA-200811-04 SUSE SUSE-SR:2008:023 XF graphviz-pushsubg-bo(45765) CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=240636 MISC http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.