Vulnerability Details : CVE-2023-46045
Potential exploit
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
Products affected by CVE-2023-46045
- cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-46045
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-46045
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-05-15 |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-02-10 |
CWE ids for CVE-2023-46045
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-46045
-
https://www.openwall.com/lists/oss-security/2024/02/01/2
oss-security - Re: Numerous unconfirmed FOSS CVEs disclosed on FD mailing listMailing List
-
https://seclists.org/fulldisclosure/2024/Jan/73
Full Disclosure: Re: Buffer Overflow in graphviz via via a crafted config6a fileMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2024/Feb/24
Full Disclosure: Re: Buffer Overflow in graphviz via via a crafted config6a file
-
https://gitlab.com/graphviz/graphviz/-/issues/2441
Possible SEGV (buffer overflow) in libgvc (#2441) · Issues · graphviz / graphviz · GitLabExploit;Issue Tracking
-
https://seclists.org/fulldisclosure/2024/Feb/24
Full Disclosure: Re: Buffer Overflow in graphviz via via a crafted config6a file
Jump to