Package details: pkg:deb/debian/graphviz@2.42.2-5%2Bdeb11u1
purl pkg:deb/debian/graphviz@2.42.2-5%2Bdeb11u1
Next non-vulnerable version 2.42.4-3
Latest non-vulnerable version 2.42.4-3
Risk 3.5
Vulnerabilities affecting this package (1)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-ujpf-naqy-3fc2 (Aliases: CVE-2023-46045) | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | 2.42.4-3 (Affected by 0 other vulnerabilities.) |

Vulnerabilities fixed by this package (1)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-vekw-ewkt-r3eq | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | CVE-2020-18032 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-08-01T14:10:41.003596+00:00 | Debian Oval Importer | Fixing | VCID-vekw-ewkt-r3eq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:02:32.063243+00:00 | Debian Importer | Affected by | VCID-ujpf-naqy-3fc2 | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |