#925284 graphviz: CVE-2019-9904

Package:
src:graphviz
Source:
graphviz
Submitter:
Salvatore Bonaccorso
Date:
2021-04-08 17:33:10 UTC
Severity:
normal
Tags:
#925284#5
Date:
2019-03-22 13:10:52 UTC
From:
To:
Hi,

The following vulnerability was published for graphviz.

CVE-2019-9904[0]:
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz
| 2.40.1. Stack consumption occurs because of recursive agclose calls in
| lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in
| lib\cgraph\subg.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9904
[1] https://gitlab.com/graphviz/graphviz/issues/1512

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore