Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19490)
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the PS_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19491)
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the cairotrm_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19492)
{
  "availability": "No subscription required",
  "binaries": [
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-data" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-doc" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-nox" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-nox-dbgsym" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-qt" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-qt-dbgsym" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-tex" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-x11" },
    { "binary_version": "4.6.6-3ubuntu0.1", "binary_name": "gnuplot-x11-dbgsym" }
  ]
}