USN-4541-1

Source
https://ubuntu.com/security/notices/USN-4541-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4541-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4541-1
Published
2020-09-25T17:14:48.527326Z
Modified
2020-09-25T17:14:48.527326Z
Summary
gnuplot vulnerabilities
Details

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19490)

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the PS_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19491)

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the cairotrm_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19492)

Affected packages

Ubuntu:16.04:LTS / gnuplot

Package

Name
gnuplot
Purl
pkg:deb/ubuntu/gnuplot@4.6.6-3ubuntu0.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.6-3ubuntu0.1

Affected versions

4.*

4.6.6-2
4.6.6-3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-data"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-doc"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-nox"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-nox-dbgsym"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-qt"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-qt-dbgsym"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-tex"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-x11"
        },
        {
            "binary_version": "4.6.6-3ubuntu0.1",
            "binary_name": "gnuplot-x11-dbgsym"
        }
    ]
}