Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-21
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
| Products | Graphviz |
| Type | Uncontrolled Recursion (CWE-674) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/
• https://security.gentoo.org/glsa/202107-04 • https://gitlab.com/graphviz/graphviz/issues/1512 |