PT-2019-19925 · AT&T · Graphviz

Published: 2019-03-21 · Updated: 2025-01-17 · CVE-2019-9904

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: graphviz version 2.40.1
Description: An issue was discovered in libcdt/dttree.c in libcdt.a, related to recursive agclose calls in libcgraph/graph.c in libcgraph.a. This issue is connected to agfstsubg in libcgraph/subg.c, leading to stack consumption.
Recommendations: For graphviz version 2.40.1, consider disabling the recursive agclose calls in libcgraph/graph.c as a temporary workaround until a patch is available. Restrict access to the agfstsubg function in libcgraph/subg.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

ALT-PU-2020-1430
ALT-PU-2020-3007
ALT-PU-2025-1286
CVE-2019-9904

Affected Products

Alt Linux
Graphviz