Name of the Vulnerable Software and Affected Versions gnuplot versions (affected versions not specified)

Description The issue concerns a command injection problem where the package fails to properly sanitize plot titles. This could allow attackers to execute arbitrary code on the system if the title value is provided by a user. A proof-of-concept demonstrates the creation of a "testing" file in the current directory by exploiting this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting the use of user-supplied input for plot titles to minimize the risk of exploitation.