Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | graphviz | 2015-03-04 15:53 | ALAS-2015-487 |
Amazon Linux 1 | graphviz-php | 2015-03-04 15:53 | ALAS-2015-488 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |