Out-of-bounds Write Affecting gnuplot package, versions *


Severity

Recommended
low

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.1% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2304-GNUPLOT-5480972
  • published2 Dec 2018
  • disclosed23 Nov 2018

Introduced: 23 Nov 2018

CVE-2018-19490  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

There is no fixed version for Ubuntu:23.04 gnuplot.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnuplot package and not the gnuplot package as distributed by Ubuntu. See How to fix? for Ubuntu:23.04 relevant fixed versions and status.

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.