CVE-2019-9904 – An issue was discovered in libcdtdttree.c in libcdt.a in graphviz 2.40.

An issue was discovered in libcdtdttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in libcgraphgraph.c in libcgraph.a, related to agfstsubg in libcgraphsubg.c.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9904

Reference (s):

• GENTOO:GLSA-202107-04
• URL: https://security.gentoo.org/glsa/202107-04
• https://gitlab.com/graphviz/graphviz/issues/1512
• https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/