Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
https://exchange.xforce.ibmcloud.com/vulnerabilities/98949
http://www.securityfocus.com/bid/71283
http://www.mandriva.com/security/advisories?name=MDVSA-2015:187
http://www.mandriva.com/security/advisories?name=MDVSA-2014:248
http://www.debian.org/security/2014/dsa-3098