Vulnerabilites related to gnuplot - gnuplot
cve-2018-19490
Vulnerability from cvelistv5
Published
2018-11-23 17:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/gnuplot/bugs/2093/ | x_refsource_MISC | |
| https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4541-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:37:11.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/bugs/2093/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4541-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-23T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-28T19:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/bugs/2093/", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4541-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceforge.net/p/gnuplot/bugs/2093/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/bugs/2093/", }, { name: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4541-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19490", datePublished: "2018-11-23T17:00:00", dateReserved: "2018-11-23T00:00:00", dateUpdated: "2024-08-05T11:37:11.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19492
Vulnerability from cvelistv5
Published
2018-11-23 17:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/gnuplot/bugs/2089/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4541-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:37:11.491Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/bugs/2089/", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4541-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-23T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-28T19:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/bugs/2089/", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4541-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19492", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "https://sourceforge.net/p/gnuplot/bugs/2089/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/bugs/2089/", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "openSUSE-SU-2019:1216", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4541-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19492", datePublished: "2018-11-23T17:00:00", dateReserved: "2018-11-23T00:00:00", dateUpdated: "2024-08-05T11:37:11.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2259
Vulnerability from cvelistv5
Published
2007-10-18 10:00
Modified
2024-08-08 03:59
Severity ?
EPSS score ?
Summary
Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10801 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/6329 | vdb-entry, x_refsource_BID | |
| http://www.suse.com/de/security/2002_047_openldap2.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:59:11.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "gnuplot-french-documentation-bo(10801)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801", }, { name: "6329", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6329", }, { name: "SuSE-SA:2002:047", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.suse.com/de/security/2002_047_openldap2.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-12-06T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "gnuplot-french-documentation-bo(10801)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801", }, { name: "6329", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6329", }, { name: "SuSE-SA:2002:047", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.suse.com/de/security/2002_047_openldap2.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-2259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "gnuplot-french-documentation-bo(10801)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801", }, { name: "6329", refsource: "BID", url: "http://www.securityfocus.com/bid/6329", }, { name: "SuSE-SA:2002:047", refsource: "SUSE", url: "http://www.suse.com/de/security/2002_047_openldap2.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2259", datePublished: "2007-10-18T10:00:00", dateReserved: "2007-10-17T00:00:00", dateUpdated: "2024-08-08T03:59:11.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19491
Vulnerability from cvelistv5
Published
2018-11-23 17:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/gnuplot/bugs/2094/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4541-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:37:11.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/bugs/2094/", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4541-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-23T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-28T19:06:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/bugs/2094/", }, { name: "openSUSE-SU-2019:1216", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4541-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19491", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { name: "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { name: "https://sourceforge.net/p/gnuplot/bugs/2094/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/bugs/2094/", }, { name: "openSUSE-SU-2019:1216", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { name: "USN-4541-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4541-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19491", datePublished: "2018-11-23T17:00:00", dateReserved: "2018-11-23T00:00:00", dateUpdated: "2024-08-05T11:37:11.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44917
Vulnerability from cvelistv5
Published
2021-12-21 19:57
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/gnuplot/bugs/2358/ | x_refsource_MISC | |
| https://sourceforge.net/p/gnuplot/bugs/2474/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:32:13.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/bugs/2358/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/gnuplot/bugs/2474/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-04T16:09:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/bugs/2358/", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/gnuplot/bugs/2474/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-44917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceforge.net/p/gnuplot/bugs/2358/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/bugs/2358/", }, { name: "https://sourceforge.net/p/gnuplot/bugs/2474/", refsource: "MISC", url: "https://sourceforge.net/p/gnuplot/bugs/2474/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-44917", datePublished: "2021-12-21T19:57:14", dateReserved: "2021-12-13T00:00:00", dateUpdated: "2024-08-04T04:32:13.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-11-23 17:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnuplot:gnuplot:5.2.5:*:*:*:*:*:*:*", matchCriteriaId: "DA35CD3C-C46A-4AAF-B6BC-D894ED9E174C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.", }, { lang: "es", value: "Se ha descubierto un problema en Gnuplot 5.2.5. Este problema permite a un atacante realizar un desbordamiento de búfer basado en memoria dinámica (heap) con una cantidad arbitraria de datos en df_generate_ascii_array_entry. Para explotar esta vulnerabilidad, un atacante deberá pasar una cadena demasiada larga como el límite correcto del argumento range que se pasa a la función plot.", }, ], id: "CVE-2018-19490", lastModified: "2024-11-21T03:58:00.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-23T17:29:00.267", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2093/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4541-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2093/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4541-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-21 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sourceforge.net/p/gnuplot/bugs/2358/ | ||
| cve@mitre.org | https://sourceforge.net/p/gnuplot/bugs/2474/ | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/gnuplot/bugs/2358/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/gnuplot/bugs/2474/ | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnuplot:gnuplot:5.4:*:*:*:*:*:*:*", matchCriteriaId: "614C9AE0-4C27-403E-B199-09CB5A5D11E8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.", }, { lang: "es", value: "Se presenta una vulnerabilidad de división por cero en gnuplot versión 5.4 en la función boundary3d en el archivo graph3d.c, que puede causar una excepción aritmética y un fallo de la aplicación", }, ], id: "CVE-2021-44917", lastModified: "2024-11-21T06:31:41.903", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-21T20:15:07.580", references: [ { source: "cve@mitre.org", url: "https://sourceforge.net/p/gnuplot/bugs/2358/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2474/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceforge.net/p/gnuplot/bugs/2358/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2474/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-369", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| suse | suse_linux | * | |
| gnuplot | gnuplot | 3.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "C063ED94-7208-4C88-B549-5B47BEE6E35B", versionEndIncluding: "7.3", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:gnuplot:gnuplot:3.7:*:*:*:*:*:*:*", matchCriteriaId: "F18941B3-7AC4-4EE8-B734-55FF57F5E18E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.", }, ], id: "CVE-2002-2259", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/6329", }, { source: "cve@mitre.org", url: "http://www.suse.com/de/security/2002_047_openldap2.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/6329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.suse.com/de/security/2002_047_openldap2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-23 17:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnuplot:gnuplot:5.2.5:*:*:*:*:*:*:*", matchCriteriaId: "DA35CD3C-C46A-4AAF-B6BC-D894ED9E174C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.", }, { lang: "es", value: "Se ha descubierto un problema en post.trm en Gnuplot 5.2.5. Este problema permite a un atacante realizar un desbordamiento de búfer con una cantidad arbitraria de datos en la función PS_options. Este fallo se debe a la falta de una comprobación del tamaño de un argumento pasado a la función \"set font\". Esto ocurre cuando el terminal postscript de Gnuplot se utiliza como un backend.", }, ], id: "CVE-2018-19491", lastModified: "2024-11-21T03:58:00.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-23T17:29:00.347", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2094/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4541-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2094/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4541-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-23 17:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnuplot:gnuplot:5.2.5:*:*:*:*:*:*:*", matchCriteriaId: "DA35CD3C-C46A-4AAF-B6BC-D894ED9E174C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.", }, { lang: "es", value: "Se ha descubierto un problema en cairo.trm en Gnuplot 5.2.5. Este problema permite a un atacante realizar un desbordamiento de búfer con una cantidad arbitraria de datos en la función ccairotrm_options. Este fallo se debe a la falta de una comprobación de tamaño de un argumento pasado a la función \"set font\". Esto ocurre cuando el terminal pngcairo de Gnuplot se utiliza como un backend.", }, ], id: "CVE-2018-19492", lastModified: "2024-11-21T03:58:01.027", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-23T17:29:00.407", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2089/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4541-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/bugs/2089/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4541-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }