CVE-2017-9670

Name of the Vulnerable Software and Affected Versions gnuplot version 5.2.rc1

Description The issue is related to an uninitialized stack variable vulnerability in the load tic series() function in set.c. This vulnerability can be exploited when a victim opens a specially crafted file, potentially leading to Denial of Service (Segmentation fault and Memory Corruption) or other unspecified impacts.

Recommendations For gnuplot version 5.2.rc1, consider avoiding the use of the load tic series() function until a patch is available. As a temporary workaround, restrict the opening of files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.