GLSA Advocate
Posted: Sat Jul 03, 2021 5:26 am Post subject: [ GLSA 202107-04 ] Graphviz
Gentoo Linux Security Advisory
Title: Graphviz: Multiple vulnerabilities
(GLSA 202107-04)
Severity: normal
Exploitable: local, remote
Date: 2021-07-03
Bug(s): #684844
ID: 202107-04
Synopsis
Multiple vulnerabilities have been found in Graphviz, the worst of
which could result in the arbitrary execution of code.
Background
Graphviz is open source graph visualization software.
Affected Packages
Package: media-gfx/graphviz
Vulnerable: < 2.47.1
Unaffected: >= 2.47.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Graphviz. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to process a specially crafted
file using Graphviz, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Graphviz users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.47.1"
References
CVE-2019-9904
CVE-2020-18032
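To confirm whether a host still runs a Graphviz build in the vulnerable range (< 2.47.1), the version banner printed by `dot -V` can be compared against the fixed version. The script below is an added example, not part of the advisory; the function names are hypothetical and the banner layout ("dot - graphviz version X.Y.Z (...)") is assumed.

```shell
#!/bin/sh
# Added example (not part of the GLSA). FIXED is the first unaffected
# version given in the advisory's "Affected Packages" section.
FIXED="2.47.1"

# Pull the dotted version out of a `dot -V` banner, e.g.
#   dot - graphviz version 2.44.0 (20200408.0750)
parse_dot_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*graphviz version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed if version $1 is strictly lower than version $2.
# Compares three numeric fields; a missing field counts as 0.
version_lt() {
    a=$1; b=$2
    for i in 1 2 3; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1    # versions are equal
}

# Succeed if the banner reports a version in the vulnerable range.
# An unparseable banner returns 2 so it is never read as "safe".
banner_is_vulnerable() {
    v=$(parse_dot_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED"
}

# Check the locally installed binary, if there is one.
check_installed_graphviz() {
    command -v dot >/dev/null 2>&1 || { echo "dot not found"; return 2; }
    banner=$(dot -V 2>&1)
    rc=0; banner_is_vulnerable "$banner" || rc=$?
    case $rc in
        0) echo "VULNERABLE: $banner (need >= $FIXED)" ;;
        1) echo "OK: $banner" ;;
        *) echo "UNKNOWN: could not parse '$banner'" ;;
    esac
}

check_installed_graphviz || true
```

Processes that loaded the Graphviz libraries before the upgrade keep the old code mapped until they are restarted.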