CVE-2023-46045

CVE-2023-46045

Name

CVE-2023-46045

Description

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://gitlab.com/graphviz/graphviz/-/issues/2441
cve@mitre.org	https://seclists.org/fulldisclosure/2024/Jan/73
cve@mitre.org	https://www.openwall.com/lists/oss-security/2024/02/01/2
mailing-list	http://seclists.org/fulldisclosure/2024/Feb/24
cve@mitre.org	https://seclists.org/fulldisclosure/2024/Feb/24
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/176816/graphviz-2.43.0-Buffer-Overflow-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Jan/62
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Jan/73

Type

URI

cve@mitre.org

https://gitlab.com/graphviz/graphviz/-/issues/2441

cve@mitre.org

https://seclists.org/fulldisclosure/2024/Jan/73

cve@mitre.org

https://www.openwall.com/lists/oss-security/2024/02/01/2

mailing-list

http://seclists.org/fulldisclosure/2024/Feb/24

cve@mitre.org

https://seclists.org/fulldisclosure/2024/Feb/24

af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/176816/graphviz-2.43.0-Buffer-Overflow-Code-Execution.html

af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Jan/62

af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Jan/73

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
graphviz	3.20-main	9.0.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
graphviz	3.19-main	9.0.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
graphviz	3.18-main	8.0.5-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
graphviz	3.17-main	7.0.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

graphviz

3.20-main

9.0.0-r2

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

graphviz

3.19-main