Bug 857854 (CVE-2014-0978) - VUL-1: CVE-2014-0978: graphviz: stack-based buffer overflow in yyerror()
Summary: VUL-1: CVE-2014-0978: graphviz: stack-based buffer overflow in yyerror()
Status: RESOLVED FIXED
Alias: CVE-2014-0978
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Assignee: Philipp Thomas
QA Contact: Security Team bot
Whiteboard: CVSSv2:NVD:CVE-2014-1235:6.8:(AV:N/A...
Reported: 2014-01-08 09:36 UTC by Sebastian Krahmer
Modified: 2020-04-01 22:10 UTC
Found By: Security Response Team
Comment 1 Sebastian Krahmer 2014-01-08 09:43:22 UTC
Issue minor enough to just update Factory.
Comment 2 Sebastian Krahmer 2014-01-08 09:55:41 UTC
Seems like their commit d266bb2b4154d11c27252b56d86963aef4434750
also fixes an additional sprintf().
Comment 3 Swamp Workflow Management 2014-01-09 23:00:27 UTC
bugbot adjusting priority
Comment 4 Alexander Bergmann 2014-01-10 11:18:13 UTC
Two additional CVEs because of improper fix.

> a sprintf() which is also later removed by commit
> d266bb2b4154d11c27252b56d86963aef4434750 just for safety reasons.

Use CVE-2014-1235.

> chkNum:
> also looks like a buffer overflow from user input; yet unfixed.
> (the regex seems to accept arbitrarily long digit list)

Use CVE-2014-1236.
Comment 5 Sebastian Krahmer 2014-01-13 07:15:33 UTC
Should be enough to fix in Factory.
Comment 6 Philipp Thomas 2014-05-23 13:39:08 UTC
This has already been fixed in Factory with 2.36.0 in February. I just forgot to state that in this bug and close it.