PT-2018-14972 · Gnu+5 · Gnuplot+5

Cornelius Aschermann

Publicado

2018-11-23

Atualizado

2025-06-23

CVE-2018-19490

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gnuplot version 5.2.5

Description An issue in datafile.c allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df generate ascii array entry(). This can be exploited by passing an overlong string as the right bound of the range argument to the plot() function.

Recommendations For Gnuplot version 5.2.5, as a temporary workaround, consider restricting the input to the plot() function to prevent overlong strings from being passed as the right bound of the range argument. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1008

CVE-2018-19490

DLA-1595-1

DLA-1597-1

OPENSUSE-SU-2019:1216-1

OPENSUSE-SU-2019_1216-1

OPENSUSE-SU-2024:10800-1

SUSE-SU-2019:0904-1

SUSE-SU-2019_0904-1

SUSE-SU-2020:1660-1

SUSE-SU-2020_1660-1

USN-4541-1

USN-7589-1

Produtos afetados

Alt Linux

Debian

Gnuplot

Linuxmint

Suse

Ubuntu

PT-2018-14972 · Gnu+5 · Gnuplot+5

CVE-2018-19490

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 71