{"id":"CVE-2019-11023","details":"The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.","modified":"2026-03-12T22:59:13.506214Z","published":"2019-04-08T23:29:00.743Z","related":["MGASA-2019-0305","SUSE-SU-2019:1267-1","SUSE-SU-2019:1267-2","SUSE-SU-2019:1267-3","openSUSE-SU-2019:1434-1","openSUSE-SU-2019:1459-1","openSUSE-SU-2020:0876-1","openSUSE-SU-2020:0906-1","openSUSE-SU-2024:10821-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00054.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00056.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00065.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/"},{"type":"EVIDENCE","url":"https://gitlab.com/graphviz/graphviz/issues/1517"},{"type":"EVIDENCE","url":"https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11023.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.39.20160612.1140"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}