First published: Wed Dec 03 2014
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian | =7.0 | |
Debian | =8.0 | |
Graphviz | <2.42.4 | |
Graphviz | | |
CVE-2014-9157 has a medium severity rating due to the potential for remote attackers to exploit the vulnerability.
To fix CVE-2014-9157, upgrade to a patched version of Graphviz that addresses the format string vulnerability.
CVE-2014-9157 affects Graphviz versions up to but not including 2.42.4, as well as specific Debian Linux releases 7.0 and 8.0.
Exploiting CVE-2014-9157 may allow remote attackers to cause unspecified effects through unhandled format string specifiers.
CVE-2014-9157 may still be a concern for systems running affected versions of Graphviz or the specified Debian releases that have not been updated.
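The bug class named in the description, shown as an added example rather than Graphviz's own code: an error reporter that embeds parsed input in its message and then uses that message as a format string, next to the hardened form. The names `log_err`, `report_error_unsafe` and `report_error_safe` are hypothetical, and the sample token is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_msg[256];  /* captured output so the result can be inspected */

/* Hypothetical printf-style error sink. The format attribute tells GCC/Clang
 * to type-check callers, which is what lets -Wformat-security flag misuse. */
__attribute__((format(printf, 1, 2)))
static void log_err(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: text taken from the input being parsed ends up inside
 * the format string itself, so any '%' specifier in it gets interpreted.
 * Kept for contrast only; it is never called in this example. */
void report_error_unsafe(int line, const char *near_text)
{
    char buf[128];
    snprintf(buf, sizeof buf, "syntax error in line %d near '%s'", line, near_text);
    log_err(buf);  /* non-literal format with no arguments */
}

/* Hardened pattern: constant format string, message passed as data. */
const char *report_error_safe(int line, const char *near_text)
{
    char buf[128];
    snprintf(buf, sizeof buf, "syntax error in line %d near '%s'", line, near_text);
    log_err("%s", buf);  /* specifiers in buf are copied, not interpreted */
    return last_msg;
}

int main(void)
{
    /* Constructed sample token that happens to contain conversion specifiers. */
    puts(report_error_safe(3, "%d %s"));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the `log_err(buf)` call, which is a cheap way to audit a code base for this pattern.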