Bug 1130628 – VUL-1: CVE-2019-9904: graphviz: recursive function call in agclose in lib\cgraph\graph.c causing stack consumption

Bug 1130628 - (CVE-2019-9904) VUL-1: CVE-2019-9904: graphviz: recursive function call in agclose in lib\cgraph\graph.c causing stack consumption

(CVE-2019-9904)
Summary:	VUL-1: CVE-2019-9904: graphviz: recursive function call in agclose in lib\cgr...

Status:	RESOLVED INVALID

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Philipp Thomas
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/226792/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-03-27 07:10 UTC by Marcus Meissner
Modified:	2019-03-27 07:14 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
SOFGFV.txt (23.51 KB, text/plain) 2019-03-27 07:12 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2019-03-27 07:10:08 UTC

rh#1691717

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.

Reference:
https://gitlab.com/graphviz/graphviz/issues/1512
https://research.loginsoft.com/vulnerability/stack-buffer-overflow-in-function-agclose-graphviz/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1691717
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9904
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9904.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9904
https://gitlab.com/graphviz/graphviz/issues/1512
https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/

Comment 1 Marcus Meissner 2019-03-27 07:12:41 UTC

Created attachment 801311 [details]
SOFGFV.txt

QA REPRODUCER:

bcomps -s -t -v -x -o OUT.ps SOFGFV.txt 

should not crash

Comment 2 Marcus Meissner 2019-03-27 07:14:52 UTC

all our versions report:

Warning: SOFGFV.txt:2: memory exhausted in line 2 near '{'
G: 0 blocks 0 cutpoints
Warning: SOFGFV.txt:2: syntax error in line 2 near '{'


without memory impact or so.


no crashes.

-> INVALID