I haven't been able to verify this issue but I feel it's valid.
There are several specimens of graphviz dot files which sends the dot program into an infinite loop. Currently the dot ExecFuture doesn't have a timeout. I think it should have a timeout to prevent dot from over-loading the server with malicious graphviz code.