PT-2020-6595 · Graphviz+9 · Graphviz+9

Published

2020-04-17

·

Updated

2026-02-18

·

CVE-2020-18032

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Graphviz versions prior to commit ID f8b9e035
Description The issue is related to a buffer overflow in the Graphviz graph visualization tools, specifically in the "lib/common/shapes.c" component. This allows remote attackers to execute arbitrary code or cause a denial of service by loading a crafted file. The vulnerability is also associated with a lack of size checking for copied data, which can be exploited to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file.
Recommendations For versions prior to commit ID f8b9e035, consider updating to a version that includes the necessary security patches to fix the buffer overflow issue in the "lib/common/shapes.c" component. As a temporary workaround, avoid loading crafted files into the vulnerable component to minimize the risk of exploitation. Restrict access to the "lib/common/shapes.c" component to prevent remote attackers from executing arbitrary code or causing a denial of service.

Exploit

Fix

DoS

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2021:4256
ALT-PU-2022-1623
AZL-34767
AZL-6454
BDU:2022-00340
CESA-2021_4256
CVE-2020-18032
DLA-2659-1
DSA-4914-1
MGASA-2021-0228
OESA-2021-1195
OPENSUSE-SU-2021:0757-1
OPENSUSE-SU-2021:1651-1
OPENSUSE-SU-2021_0757-1
OPENSUSE-SU-2021_1651-1
RHSA-2021:4256
RHSA-2021_4256
RLSA-2021:4256
SUSE-SU-2021:1646-1
SUSE-SU-2021:1651-1
SUSE-SU-2021_1646-1
SUSE-SU-2021_1651-1
USN-5264-1
USN-5971-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graphviz
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu