CVE-2014-9157 - Use of Externally-Controlled Format String vulnerability in multiple products

Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection: An attacker includes formatting characters in a string input field of the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s prints the contents of a memory location, expecting that location to hold a string, and the formatting character %n writes the number of DWORDs written so far into memory. An attacker can use this to read or write memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes, and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog(): This attack targets format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input into the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-105.NASL
description: Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2015-03-26
plugin id: 82089
published: 2015-03-26
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82089
title: Debian DLA-105-1 : graphviz security update
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-105-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(82089);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2014-9157");
      script_bugtraq_id(71283);

      script_name(english:"Debian DLA-105-1 : graphviz security update");
      script_summary(english:"Checks dpkg output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Joshua Rogers discovered a format string vulnerability in the yyerror
    function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing
    tools. An attacker could use this flaw to cause graphviz to crash or
    possibly execute arbitrary code.

    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted to
    automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2014/12/msg00008.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/graphviz"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphviz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphviz-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphviz-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcdt4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcgraph5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgraph4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgraphviz-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-guile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-lua");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-ocaml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgv-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgvc5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgvc5-plugins-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgvpr1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpathplan4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxdot4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"6.0", prefix:"graphviz", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"graphviz-dev", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"graphviz-doc", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libcdt4", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libcgraph5", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgraph4", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgraphviz-dev", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-guile", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-lua", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-ocaml", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-perl", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-php5", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-python", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-ruby", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgv-tcl", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgvc5", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgvc5-plugins-gtk", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libgvpr1", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libpathplan4", reference:"2.26.3-5+squeeze3")) flag++;
    if (deb_check(release:"6.0", prefix:"libxdot4", reference:"2.26.3-5+squeeze3")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-488.NASL
description: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81676
published: 2015-03-09
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81676
title: Amazon Linux AMI : graphviz-php (ALAS-2015-488)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-488.
    #

    include("compat.inc");

    if (description)
    {
      script_id(81676);
      script_version("1.2");
      script_cvs_date("Date: 2018/04/18 15:09:35");

      script_cve_id("CVE-2014-9157");
      script_xref(name:"ALAS", value:"2015-488");

      script_name(english:"Amazon Linux AMI : graphviz-php (ALAS-2015-488)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Format string vulnerability in the yyerror function in
    lib/cgraph/scan.l in Graphviz allows remote attackers to have
    unspecified impact via format string specifiers in unknown vector,
    which are not properly handled in an error string."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-488.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Run 'yum update graphviz-php' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:graphviz-php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }

    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (rpm_check(release:"ALA", reference:"graphviz-php-2.38.0-18.40.amzn1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphviz-php");
    }
NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2592.NASL
description: According to the version of the graphviz packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. (CVE-2014-9157) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-18
plugin id: 132127
published: 2019-12-18
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132127
title: EulerOS 2.0 SP3 : graphviz (EulerOS-SA-2019-2592)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2435-1.NASL
description: It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79825
published: 2014-12-09
reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79825
title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : graphviz vulnerability (USN-2435-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2355.NASL
description: According to the version of the graphviz packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. (CVE-2014-9157) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-10
plugin id: 131847
published: 2019-12-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131847
title: EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2019-2355)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-15812.NASL
description: This is an update fixing a format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-12-06
plugin id: 79750
published: 2014-12-06
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79750
title: Fedora 20 : graphviz-2.34.0-10.fc20 (2014-15812)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2014-248.NASL
description: Updated graphviz packages fix a security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79993
published: 2014-12-15
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79993
title: Mandriva Linux Security Advisory : graphviz (MDVSA-2014:248)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-15811.NASL
description: This is an update fixing a format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-12-07
plugin id: 79784
published: 2014-12-07
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79784
title: Fedora 19 : graphviz-2.30.1-13.fc19 (2014-15811)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-487.NASL
description: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81675
published: 2015-03-09
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81675
title: Amazon Linux AMI : graphviz (ALAS-2015-487)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-187.NASL
description: Updated graphviz packages fix a security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157). Additionally, the gtkglarea2 and gtkglext packages were missing and were required for graphviz to build; these packages are also being provided with this advisory.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82558
published: 2015-04-03
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82558
title: Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3098.NASL
description: Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
last seen: 2020-03-17
modified: 2014-12-15
plugin id: 79885
published: 2014-12-15
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79885
title: Debian DSA-3098-1 : graphviz - security update

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2017-1341.NASL
description: This update for graphviz fixes the following issues. Security issue fixed: CVE-2014-9157: Fix format string vulnerability (boo#908426).
last seen: 2020-06-05
modified: 2017-12-14
plugin id: 105231
published: 2017-12-14
reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/105231
title: openSUSE Security Update : graphviz (openSUSE-2017-1341)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-15760.NASL
description: This is an update fixing a format string vulnerability in cgraph. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-12-07
plugin id: 79782
published: 2014-12-07
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79782
title: Fedora 21 : graphviz-2.38.0-11.fc21 (2014-15760)
References
- http://advisories.mageia.org/MGASA-2014-0520.html
- http://seclists.org/oss-sec/2014/q4/784
- http://seclists.org/oss-sec/2014/q4/872
- http://secunia.com/advisories/60166
- http://www.debian.org/security/2014/dsa-3098
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
- http://www.securityfocus.com/bid/71283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
- https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081