CVE-2018-19490

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19490

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19490.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19490

Related

Published

2018-11-23T17:29:00Z

Modified

2025-01-14T07:26:57.694887Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in dfgenerateasciiarrayentry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

References

Affected packages

Debian:11 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.1+dfsg1-1

5.4.1+dfsg1-1+deb11u1

5.4.2+dfsg2-1

5.4.2+dfsg2-2

5.4.4+dfsg1-1

5.4.4+dfsg1-2

6.*

6.0.0+dfsg1-1

6.0.0+dfsg1-2

6.0.0+dfsg1-3

6.0.2+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.4+dfsg1-2

6.*

6.0.0+dfsg1-1

6.0.0+dfsg1-2

6.0.0+dfsg1-3

6.0.2+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.4+dfsg1-2

6.*

6.0.0+dfsg1-1

6.0.0+dfsg1-2

6.0.0+dfsg1-3

6.0.2+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/gnuplot/gnuplot

Affected ranges

Type: GIT
Repo: https://github.com/gnuplot/gnuplot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3a62a7533537cab5e409fcd64f7ddc33d8915c32

Affected versions

1.*

1.1

1.10A

2.*

2.0

3.*

3.0

3.1

3.2

3.5

4.*

4.0.2

5.*

5.2.0

5.2.1

5.2.2

5.2.3

5.2.5