CVE-2023-46045

Name
CVE-2023-46045
Description
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://gitlab.com/graphviz/graphviz/-/issues/2441
cve@mitre.org https://seclists.org/fulldisclosure/2024/Jan/73
cve@mitre.org https://www.openwall.com/lists/oss-security/2024/02/01/2
cve@mitre.org http://seclists.org/fulldisclosure/2024/Feb/24

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:* graphviz >= 2.36.0 < 10.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
graphviz edge-main 9.0.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphviz 3.19-main 9.0.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphviz 3.18-main 8.0.5-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphviz 3.17-main 7.0.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphviz 3.16-main 3.0.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable