CVE-2019-11023

The agroot() function in cgraphobj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Source: NIST
CVE-2019-11023