oss-security - CVE request: graphviz buffer overflow while parsinf DOT file

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20081015115929.GC25586@suse.de>
Date: Wed, 15 Oct 2008 13:59:29 +0200
From: Thomas Biege <thomas@...e.de>
To: coley@...re.org, oss-security@...ts.openwall.com
Subject: CVE request: graphviz buffer overflow while parsinf DOT file

Hi,
was a CVE-ID assigned to the following issue already?

-------------------------------
The graphviz team has just released a patch to a critical security issue
I reported to them. 

The following is the advisory (also available at
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html):

Background 
==========
Graphviz is an open-source multi-platform graph visualization software. It
takes a description of graphs in a simple text format (DOT language), and
makes diagrams out of it in several useful formats (including SVG).
...
-------------------------------

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.