CVE-2023-46045

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

Database specific

{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46045.json"
}

References

Affected packages

Git / gitlab.com/graphviz/graphviz

Affected ranges

Type: GIT
Repo: https://gitlab.com/graphviz/graphviz
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1c6cb9d3de553bd3e3caeea9a61ebe04034d07ee

Affected versions

2.*

2.38.0

2.42.0

2.42.2

2.42.3

2.42.4

2.44.0

2.44.1

2.46.0

2.46.1

2.47.0

2.47.1

2.47.2

2.47.3

2.48.0

2.49.0

2.49.1

2.49.2

2.49.3

2.50.0

3.*

3.0.0

4.*

4.0.0

5.*

5.0.0

5.0.1

6.*

6.0.1

6.0.2

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

8.*

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.1.0

9.*

9.0.0

Other

TRAVIS_CI_BUILD_EXPERIMENTAL

stable_release_2.*

stable_release_2.42.0

stable_release_2.42.2

stable_release_2.42.3

stable_release_2.42.4

stable_release_2.44.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46045.json"