Upgrade System.IO.Packaging to version 6.0.1, 8.0.1, 9.0.0-rc.2.24473.5 or higher.

Denial of Service (DoS) in system.io.packaging | CVE-2024-43484

Threat Intelligence

0.59% (79^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-SLES151-LIBGRAPHVIZ6-2703807
published14 Apr 2022
disclosed26 Aug 2020

Report a new vulnerability Found a mistake?

Introduced: 26 Aug 2020

CVE-2018-10196 (opens in a new tab) CWE-476 (opens in a new tab)

How to fix?

Upgrade SLES:15.1 libgraphviz6 to version 2.40.1-6.6.4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgraphviz6 package and not the libgraphviz6 package as distributed by SLES. See How to fix? for SLES:15.1 relevant fixed versions and status.

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

NULL Pointer Dereference Affecting libgraphviz6 package, versions <2.40.1-6.6.4

Severity