CVE-2020-18032

Description

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the lib/common/shapes.c component.

Risk Information

Base Score: 7.8 MODERATE
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.403

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-18032 are affected in Graphviz (x64) 1.7.3 | Windows
graphviz security update (DSA-4914-1) graphviz_2.40.1-6+deb10u1_i386.deb | Linux
graphviz security update (DSA-4914-1) graphviz_2.40.1-6+deb10u1_amd64.deb | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-debuginfo-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-debugsource-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-gd-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-gd-debuginfo-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-gnome-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-gnome-debuginfo-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-plugins-debugsource-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-tcl-2.28.0-29.6.1.x86_64.rpm | Linux
SUSE-SU-2021:1646-1 (SUSE Linux Enterprise Server 12-SP5) graphviz-tcl-debuginfo-2.28.0-29.6.1.x86_64.rpm | Linux
babel update (CESAS-2023-0001) babel-2.5.1-10.module_el8+299+aa6e9afa.noarch.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-7.61.1-30.el8.i686.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-7.61.1-30.el8.x86_64.rpm | Linux
graphviz update (CESAS-2023-0001) graphviz-2.40.1-44.el8.i686.rpm | Linux
graphviz update (CESAS-2023-0001) graphviz-2.40.1-44.el8.x86_64.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-devel-7.61.1-30.el8.i686.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-devel-7.61.1-30.el8.x86_64.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-minimal-7.61.1-30.el8.i686.rpm | Linux
libcurl update (CESAS-2023-0001) libcurl-minimal-7.61.1-30.el8.x86_64.rpm | Linux
xorg update (CESAS-2023-0001) xorg-x11-server-Xdmx-1.20.11-15.el8.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Server Applications 15-SP3) graphviz-tcl-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libgraphviz6-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Development Tools 15-SP3) graphviz-perl-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-devel-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-debugsource-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-plugins-core-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Server Applications 15-SP3) graphviz-tcl-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libgraphviz6-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Development Tools 15-SP3) graphviz-perl-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Server Applications 15-SP3) graphviz-addons-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Server Applications 15-SP3) graphviz-addons-debugsource-2.40.1-6.9.1.x86_64.rpm | Linux
SUSE-SU-2021:1651-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) graphviz-plugins-core-debuginfo-2.40.1-6.9.1.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-debugsource-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-debugsource-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-gd-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-gd-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-guile-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-guile-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-java-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-java-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-lua-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-lua-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-ocaml-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-ocaml-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-perl-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-perl-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-python3-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-python3-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-ruby-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-ruby-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-tcl-debuginfo-2.40.1-43.el8.i686.rpm | Linux
(RHSA-2021:4256) Moderate: security update graphviz-tcl-debuginfo-2.40.1-43.el8.x86_64.rpm | Linux
graphviz security update (RLSA-2021:4256) graphviz-2.40.1-43.el8.i686.rpm | Linux
graphviz security update (RLSA-2021:4256) graphviz-2.40.1-43.el8.x86_64.rpm | Linux
Graphviz update (ELSA-2021-4256) graphviz-2.40.1-43.el8.i686.rpm | Linux
Graphviz update (ELSA-2021-4256) graphviz-2.40.1-43.el8.x86_64.rpm | Linux

