Search for vulnerabilities
Vulnerability details: VCID-us9k-2tn2-aaag
Vulnerability ID VCID-us9k-2tn2-aaag
Aliases CVE-2014-1235
Summary Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow
System Score Found at
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01182 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01505 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01505 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01505 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01505 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01674 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
epss 0.01922 https://api.first.org/data/v1/epss?cve=CVE-2014-1235
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2014-1235
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2014-1235
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1235.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1235
https://bugzilla.redhat.com/show_bug.cgi?id=1050871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1235
http://seclists.org/oss-sec/2014/q1/54
https://exchange.xforce.ibmcloud.com/vulnerabilities/90198
https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
https://security.gentoo.org/glsa/201702-06
http://www.securityfocus.com/bid/64736
734745 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734745
cpe:2.3:a:graphviz:graphviz:2.34.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphviz:graphviz:2.34.0:*:*:*:*:*:*:*
CVE-2014-1235 https://nvd.nist.gov/vuln/detail/CVE-2014-1235
USN-2083-1 https://usn.ubuntu.com/2083-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-1235
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2014-1235
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76833
EPSS Score 0.01182
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.