gnuplot-5.4.2-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10800 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gnuplot-5.4.2-1.3 on GA media These are all security issues fixed in the gnuplot-5.4.2-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10800 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10800 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-9670/ SUSE CVE CVE-2017-9670 page https://www.suse.com/security/cve/CVE-2018-19490/ SUSE CVE CVE-2018-19490 page https://www.suse.com/security/cve/CVE-2018-19492/ SUSE CVE CVE-2018-19492 page https://www.suse.com/security/cve/CVE-2020-25412/ SUSE CVE CVE-2020-25412 page https://www.suse.com/security/cve/CVE-2020-25559/ SUSE CVE CVE-2020-25559 page openSUSE Tumbleweed gnuplot-5.4.2-1.3 gnuplot-5.4.2-1.3 as a component of openSUSE Tumbleweed An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. CVE-2017-9670 openSUSE Tumbleweed:gnuplot-5.4.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9670.html CVE-2017-9670 https://bugzilla.suse.com/1044638 SUSE Bug 1044638 An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. CVE-2018-19490 openSUSE Tumbleweed:gnuplot-5.4.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19490.html CVE-2018-19490 https://bugzilla.suse.com/1117465 SUSE Bug 1117465 An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. CVE-2018-19492 openSUSE Tumbleweed:gnuplot-5.4.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19492.html CVE-2018-19492 https://bugzilla.suse.com/1117463 SUSE Bug 1117463 com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. CVE-2020-25412 openSUSE Tumbleweed:gnuplot-5.4.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25412.html CVE-2020-25412 https://bugzilla.suse.com/1176687 SUSE Bug 1176687 https://bugzilla.suse.com/1176689 SUSE Bug 1176689 gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. CVE-2020-25559 openSUSE Tumbleweed:gnuplot-5.4.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25559.html CVE-2020-25559 https://bugzilla.suse.com/1176689 SUSE Bug 1176689