CVE-2019-11023

Public on 2019-04-08

Modified on 2019-05-20

Description

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.

Severity

Low

CVSS v3 Base Score

3.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	graphviz	2019-05-16	ALAS-2019-1207	Fixed