The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of graphviz: NULL pointer dereference via agroot

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced in agroot() of graphviz, in order to trigger a denial of service.
Impacted products: openSUSE Leap, SLES.
Severity of this bulletin: 1/4.
Creation date: 17/05/2019.
References of this threat: CVE-2019-11023, openSUSE-SU-2019:1434-1, openSUSE-SU-2019:1459-1, openSUSE-SU-2020:0876-1, openSUSE-SU-2020:0906-1, SUSE-SU-2019:1267-1, SUSE-SU-2019:1267-2, VIGILANCE-VUL-29349.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced in agroot() of graphviz, in order to trigger a denial of service.

This computer vulnerability bulletin impacts software or systems such as openSUSE Leap, SLES.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is low.

The trust level is confirmed by the editor, and the origin is a document.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

openSUSE Leap 15.2: new graphviz packages (29/06/2020).
New packages are available:
  openSUSE Leap 15.2: graphviz 2.40.1-lp152.7.2.1

openSUSE Leap 15.2: new graphviz packages (30/06/2020).
New packages are available:
  openSUSE Leap 15.2: graphviz 2.40.1-lp152.7.4.2

openSUSE Leap 15: new graphviz packages (22/05/2019).
New packages are available:
  openSUSE Leap 15.1: graphviz 2.40.1-lp151.6.3.1
  openSUSE Leap 15.0: graphviz 2.40.1-lp150.5.3.1

SUSE LE 15: new graphviz packages.
New packages are available:
  SUSE LE 15 RTM: graphviz 2.40.1-6.3.2

SUSE LE 15 SP1: new graphviz packages.
New packages are available:
  SUSE LE 15 SP1: graphviz 2.40.1-6.3.2
