CVE-2018-10196

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

https://lists.fedoraproject.org/archives/list/[email protected]/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4/

https://lists.fedoraproject.org/archives/list/[email protected]/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN/

https://gitlab.com/graphviz/graphviz/issues/1367

https://bugzilla.redhat.com/show_bug.cgi?id=1579254

https://usn.ubuntu.com/3731-1/

https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html

Details

Source: MITRE

Published: 2018-05-30

Updated: 2021-05-13

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
149485Debian DLA-2659-1 : graphviz security updateNessusDebian Local Security Checks
high
149186EulerOS 2.0 SP3 : graphviz (EulerOS-SA-2021-1793)NessusHuawei Local Security Checks
medium
146646EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2021-1303)NessusHuawei Local Security Checks
medium
143816SUSE SLES12 Security Update : graphviz (SUSE-SU-2020:3090-1)NessusSuSE Local Security Checks
medium
142088EulerOS 2.0 SP5 : graphviz (EulerOS-SA-2020-2284)NessusHuawei Local Security Checks
medium
140081openSUSE Security Update : graphviz (openSUSE-2020-1303)NessusSuSE Local Security Checks
medium
140079openSUSE Security Update : graphviz (openSUSE-2020-1294)NessusSuSE Local Security Checks
medium
139907SUSE SLED15 / SLES15 Security Update : graphviz (SUSE-SU-2020:2346-1)NessusSuSE Local Security Checks
medium
120298Fedora 28 : graphviz (2018-25674bb48e)NessusFedora Local Security Checks
medium
111578Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : lftp vulnerability (USN-3731-1)NessusUbuntu Local Security Checks
medium
110211Fedora 27 : graphviz (2018-fd850e033d)NessusFedora Local Security Checks
medium