CVE-2017-9670 — Access of Uninitialized Pointer in Gnuplot

CWE-824 — Access of Uninitialized Pointer CWE-456 — Missing Initialization of a Variable6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 56.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnuplot Debian Gnuplot

Timeline

PublishedJun 15

Latest updateMay 17

Description

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/gnuplot< gnuplot 5.0.5+dfsg1-7 (bookworm)

▶Debiangnuplot/gnuplot< 5.0.5+dfsg1-7+3

▶NVDgnuplot/gnuplot5.2

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-5w62-j643-gj5x: An uninitialized stack variable vulnerability in load_tic_series() in set↗2022-05-17

▶

OSV

CVE-2017-9670: An uninitialized stack variable vulnerability in load_tic_series() in set↗2017-06-15

▶

📋Vendor Advisories

Red Hat

gnuplot: Uninitialized stack variable in load_tic_series()↗2017-06-15

▶

Debian

CVE-2017-9670: gnuplot - An uninitialized stack variable vulnerability in load_tic_series() in set.c in g...↗2017

▶

💬Community

Bugzilla

CVE-2017-9670 gnuplot: Uninitialized stack variable in load_tic_series()↗2017-06-16

▶