NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
}
],
"vendor_product": "canonical:ubuntu_linux",
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "27"
},
{
"last_affected": "27"
},
{
"introduced": "28"
},
{
"last_affected": "28"
}
],
"vendor_product": "fedoraproject:fedora",
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"
]
}
]
}