Please Install the Updated Packages.

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. (CVE-2014-0978, CVE-2014-1235) It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. (CVE-2014-1236) The default compiler options for affected releases should reduce the vulnerability to a denial of service.

graphviz on Ubuntu 13.10 , Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-January/002374.html

---

Updated on 2015-03-25