PT-2018-14972 · Gnu+5 · Gnuplot+5

Cornelius Aschermann

Published

2018-11-23

Updated

2025-06-23

CVE-2018-19490

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gnuplot version 5.2.5

Description An issue in datafile.c allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df generate ascii array entry(). This can be exploited by passing an overlong string as the right bound of the range argument to the plot() function.

Recommendations For Gnuplot version 5.2.5, as a temporary workaround, consider restricting the input to the plot() function to prevent overlong strings from being passed as the right bound of the range argument. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1008

CVE-2018-19490

DLA-1595-1

DLA-1597-1

OPENSUSE-SU-2019:1216-1

OPENSUSE-SU-2019_1216-1

OPENSUSE-SU-2024:10800-1

SUSE-SU-2019:0904-1

SUSE-SU-2019_0904-1

SUSE-SU-2020:1660-1

SUSE-SU-2020_1660-1

USN-4541-1

USN-7589-1

Affected Products

Alt Linux

Debian

Gnuplot

Linuxmint

Suse

Ubuntu

PT-2018-14972 · Gnu+5 · Gnuplot+5

CVE-2018-19490

Weakness Enumeration

Related Identifiers

Affected Products

References · 71