ID CVE-2014-9157
Summary Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • cpe:2.3:a:graphviz:graphviz
    cpe:2.3:a:graphviz:graphviz
CVSS
Base: 7.5 (as of 01-06-2016 - 16:08)
Impact:
Exploitability:
CWE CWE-134
CAPEC
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3098.NASL
    description Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79885
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79885
    title Debian DSA-3098-1 : graphviz - security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-248.NASL
    description Updated graphviz packages fix security vulnerability : Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79993
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79993
    title Mandriva Linux Security Advisory : graphviz (MDVSA-2014:248)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15811.NASL
    description This is an update fixing format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79784
    published 2014-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79784
    title Fedora 19 : graphviz-2.30.1-13.fc19 (2014-15811)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-488.NASL
    description Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 81676
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81676
    title Amazon Linux AMI : graphviz-php (ALAS-2015-488)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-187.NASL
    description Updated graphviz packages fix security vulnerability : Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157). Additionally the gtkglarea2 and gtkglext packages were missing and was required for graphviz to build, these packages are also being provided with this advisory.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82558
    published 2015-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82558
    title Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-105.NASL
    description Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82089
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82089
    title Debian DLA-105-1 : graphviz security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15760.NASL
    description This is an update fixing format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79782
    published 2014-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79782
    title Fedora 21 : graphviz-2.38.0-11.fc21 (2014-15760)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2435-1.NASL
    description It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79825
    published 2014-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79825
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : graphviz vulnerability (USN-2435-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-487.NASL
    description Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 81675
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81675
    title Amazon Linux AMI : graphviz (ALAS-2015-487)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15812.NASL
    description This is an update fixing format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79750
    published 2014-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79750
    title Fedora 20 : graphviz-2.34.0-10.fc20 (2014-15812)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1341.NASL
    description This update for graphviz fixes the following issues : Security issue fixed : - CVE-2014-9157: Fix format string vulnerability (boo#908426).
    last seen 2019-02-21
    modified 2017-12-14
    plugin id 105231
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105231
    title openSUSE Security Update : graphviz (openSUSE-2017-1341)
refmap via4
bid 71283
confirm
debian DSA-3098
mandriva
  • MDVSA-2014:248
  • MDVSA-2015:187
mlist
  • [oss-security] 20141125 CVE Request: Graphviz format string vuln
  • [oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln
secunia 60166
xf graphviz-format-sting(98949)
Last major update 01-06-2016 - 22:35
Published 03-12-2014 - 16:59
Last modified 07-09-2017 - 21:29
Back to Top