Home

CVE-2018-19490

Description

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.165

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-debuginfo-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-debugsource-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-4.6.5-3.3.74.x86_64_SP5.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-debuginfo-4.6.5-3.3.74.x86_64_SP5.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-debugsource-4.6.5-3.3.74.x86_64_SP5.rpmLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot_4.6.6-3ubuntu0.1_all.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-qt_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-qt_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-nox_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-nox_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-tex_4.6.6-3ubuntu0.1_all.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-x11_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-x11_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-data_4.6.6-3ubuntu0.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234