{"id":"CVE-2020-18032","details":"Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component.","modified":"2026-04-16T04:40:10.814834300Z","published":"2021-04-29T18:15:08.793Z","related":["ALSA-2021:4256","CGA-w82j-rqj6-whph","SUSE-SU-2021:1646-1","SUSE-SU-2021:1651-1","openSUSE-SU-2021:0757-1","openSUSE-SU-2021:1651-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4914"},{"type":"REPORT","url":"https://security.gentoo.org/glsa/202107-04"},{"type":"FIX","url":"https://gitlab.com/graphviz/graphviz/-/issues/1700"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/graphviz/graphviz","events":[{"introduced":"0"},{"fixed":"4f263aeb7fccdfac1e71a305f437a997385bdf59"},{"introduced":"0"},{"last_affected":"5733d3a95898f1380424ab15f966ace9a283d506"},{"introduced":"0"},{"last_affected":"1c6cb9d3de553bd3e3caeea9a61ebe04034d07ee"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.46.0"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"10.0"}]}}],"versions":["10.0.1","2.38.0","2.42.0","2.42.2","2.42.3","2.42.4","2.44.0","2.44.1","2.46.0","2.46.1","2.47.0","2.47.1","2.47.2","2.47.3","2.48.0","2.49.0","2.49.1","2.49.2","2.49.3","2.50.0","3.0.0","4.0.0","5.0.0","5.0.1","6.0.1","6.0.2","7.0.0","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5","7.0.6","8.0.1","8.0.2","8.0.3","8.0.4","8.0.5","8.1.0","9.0.0","TRAVIS_CI_BUILD_EXPERIMENTAL","stable_release_2.42.0","stable_release_2.42.2","stable_release_2.42.3","stable_release_2.42.4","stable_release_2.44.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-18032.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}