NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
https://bugzilla.redhat.com/show_bug.cgi?id=1579254
https://gitlab.com/graphviz/graphviz/issues/1367
https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html