Debian DSA-2843-1 : graphviz - buffer overflow
Critical Nessus Plugin ID 71934
SynopsisThe remote Debian host is missing a security-related update.
DescriptionTwo buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues :
- CVE-2014-0978 It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bound-checked before beeing copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overlow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
- CVE-2014-1236 Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered as the used regular expression accepts an arbitrary long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
SolutionUpgrade the graphviz packages.
For the oldstable distribution (squeeze), these problems have been fixed in version 2.26.3-5+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 2.26.3-14+deb7u1.