CVE-2019-11023

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11023

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11023.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-11023

Related

Published

2019-04-08T23:29:00Z

Modified

2025-01-08T05:37:40.799441Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

References

Affected packages

Debian:11 / graphviz

Package

Name: graphviz
Purl: pkg:deb/debian/graphviz?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.2-5

2.42.2-5+deb11u1

2.42.2-6

2.42.2-7

2.42.2-8

2.42.2-9

2.42.2-10

2.42.4-1

2.42.4-2

8.*

8.1.0-1

8.1.0-2

9.*

9.0.0-1

10.*

10.0.0~git231018-1

10.0.0~git231105-1

10.0.0~git231111-1

10.0.0~git231209-1

10.0.0~git231210-1

10.0.0~git231218-1

10.0.1-1

11.*

11.0.0-1

12.*

12.0.0-1

12.1.0-1

12.1.1-1

12.1.2-1

12.2.0-1

12.2.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / graphviz

Package

Name: graphviz
Purl: pkg:deb/debian/graphviz?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.2-7

2.42.2-7+deb12u1

2.42.2-8

2.42.2-9

2.42.2-10

2.42.4-1

2.42.4-2

8.*

8.1.0-1

8.1.0-2

9.*

9.0.0-1

10.*

10.0.0~git231018-1

10.0.0~git231105-1

10.0.0~git231111-1

10.0.0~git231209-1

10.0.0~git231210-1

10.0.0~git231218-1

10.0.1-1

11.*

11.0.0-1

12.*

12.0.0-1

12.1.0-1

12.1.1-1

12.1.2-1

12.2.0-1

12.2.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / graphviz

Package

Name: graphviz
Purl: pkg:deb/debian/graphviz?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.42.2-7

2.42.2-8

2.42.2-9

2.42.2-10

2.42.4-1

2.42.4-2

8.*

8.1.0-1

8.1.0-2

9.*

9.0.0-1

10.*

10.0.0~git231018-1

10.0.0~git231105-1

10.0.0~git231111-1

10.0.0~git231209-1

10.0.0~git231210-1

10.0.0~git231218-1

10.0.1-1

11.*

11.0.0-1

12.*

12.0.0-1

12.1.0-1

12.1.1-1

12.1.2-1

12.2.0-1

12.2.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}