CVE-2014-9157

Name: CVE-2014-9157
Creator: NVD / NIST
Published: 2014-12-03T21:59:03.243+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.57%

Last modified Jun 17, 2026

CVE-2014-9157 is a vulnerability of currently unknown severity. Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.. EPSS estimates a 5.57% chance of exploitation in the next 30 days.

Description

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

Metrics

EPSS Probability

5.57%

91.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-134

Affected Software

Vendor	Product	Versions
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Graphviz	Graphviz	< 2.42.4

References

http://advisories.mageia.org/MGASA-2014-0520.htmlThird Party Advisory
http://seclists.org/oss-sec/2014/q4/784Exploit, Mailing List, Third Party Advisory
http://seclists.org/oss-sec/2014/q4/872Exploit, Mailing List, Third Party Advisory
http://secunia.com/advisories/60166Broken Link
http://www.debian.org/security/2014/dsa-3098Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187Broken Link
http://www.securityfocus.com/bid/71283Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949Third Party Advisory, VDB Entry
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081Exploit, Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0520.htmlThird Party Advisory
http://seclists.org/oss-sec/2014/q4/784Exploit, Mailing List, Third Party Advisory
http://seclists.org/oss-sec/2014/q4/872Exploit, Mailing List, Third Party Advisory
http://secunia.com/advisories/60166Broken Link
http://www.debian.org/security/2014/dsa-3098Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187Broken Link
http://www.securityfocus.com/bid/71283Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949Third Party Advisory, VDB Entry
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081Exploit, Third Party Advisory

Timeline

Published: Dec 3, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-9157?

How severe is CVE-2014-9157?

Severity scoring for CVE-2014-9157 is pending analysis. The EPSS model estimates a 5.57% probability of exploitation in the next 30 days.

How do I fix CVE-2014-9157?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-9157?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST