Home

CVE-2018-19492

Description

An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the set font function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.165

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-debuginfo-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP4 ) gnuplot-debugsource-4.6.5-3.3.74.x86_64.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-4.6.5-3.3.74.x86_64_SP5.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-debuginfo-4.6.5-3.3.74.x86_64_SP5.rpmLinux
SUSE-SU-2020:1660-1(SUSE Linux Enterprise Server 12-SP5 ) gnuplot-debugsource-4.6.5-3.3.74.x86_64_SP5.rpmLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot_4.6.6-3ubuntu0.1_all.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-qt_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-qt_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-nox_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-nox_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-tex_4.6.6-3ubuntu0.1_all.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-x11_4.6.6-3ubuntu0.1_i386.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-x11_4.6.6-3ubuntu0.1_amd64.debLinux
Command-line driven interactive plotting program (USN-4541-1) gnuplot-data_4.6.6-3ubuntu0.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234