Security update for gnuplot SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01805-1 Final 1 1 2025-06-03T11:57:53Z current 2025-06-03T11:57:53Z 2025-06-03T11:57:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnuplot This update for gnuplot fixes the following issues: - CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327). - CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328). - CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330). - CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1805,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1805 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/ Link for SUSE-SU-2025:01805-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021080.html E-Mail link for SUSE-SU-2025:01805-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1240327 SUSE Bug 1240327 https://bugzilla.suse.com/1240328 SUSE Bug 1240328 https://bugzilla.suse.com/1240330 SUSE Bug 1240330 https://bugzilla.suse.com/1241684 SUSE Bug 1241684 https://www.suse.com/security/cve/CVE-2025-31178/ SUSE CVE CVE-2025-31178 page https://www.suse.com/security/cve/CVE-2025-31179/ SUSE CVE CVE-2025-31179 page https://www.suse.com/security/cve/CVE-2025-31181/ SUSE CVE CVE-2025-31181 page https://www.suse.com/security/cve/CVE-2025-3359/ SUSE CVE CVE-2025-3359 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 gnuplot-4.6.5-3.9.1 gnuplot-doc-4.6.5-3.9.1 gnuplot-4.6.5-3.9.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. CVE-2025-31178 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/ https://www.suse.com/security/cve/CVE-2025-31178.html CVE-2025-31178 https://bugzilla.suse.com/1240327 SUSE Bug 1240327 A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. CVE-2025-31179 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/ https://www.suse.com/security/cve/CVE-2025-31179.html CVE-2025-31179 https://bugzilla.suse.com/1240328 SUSE Bug 1240328 A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. CVE-2025-31181 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/ https://www.suse.com/security/cve/CVE-2025-31181.html CVE-2025-31181 https://bugzilla.suse.com/1240330 SUSE Bug 1240330 A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. CVE-2025-3359 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/ https://www.suse.com/security/cve/CVE-2025-3359.html CVE-2025-3359 https://bugzilla.suse.com/1241684 SUSE Bug 1241684