CVE-2018-19490: Out-of-bounds Write in Gnuplot

Severity: 7.8 HIGH (NVD)
EPSS: 0.2% (top 55.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 23
Latest update: Jun 23

Description

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

debian | debian/gnuplot | < gnuplot 5.4.0+dfsg1-1 (bookworm)
Debian | gnuplot/gnuplot | < 5.4.0+dfsg1-1+3
Ubuntu | gnuplot/gnuplot | < 4.6.6-3ubuntu0.1+4
NVD | gnuplot/gnuplot | 5.2.5
NVD | opensuse/leap | 15.0

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (4)

OSV: gnuplot vulnerabilities (2025-06-23)
GHSA: GHSA-c49p-76wp-8wwx: An issue was discovered in datafile (2022-05-13)
OSV: gnuplot vulnerabilities (2020-09-25)
OSV: CVE-2018-19490: An issue was discovered in datafile (2018-11-23)

📋 Vendor Advisories (4)

Ubuntu: Gnuplot vulnerabilities (2025-06-23)
Ubuntu: Gnuplot vulnerabilities (2020-09-25)
Red Hat: gnuplot: heap-based buffer overflow in df_generate_ascii_array_entry (2018-11-19)
Debian: CVE-2018-19490: gnuplot - An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an att... (2018)

💬 Community (3)

Bugzilla: CVE-2018-19490 gnuplot44: gnuplot: heap-based buffer overflow in df_generate_ascii_array_entry [epel-6] (2018-12-04)
Bugzilla: CVE-2018-19490 gnuplot: heap-based buffer overflow in df_generate_ascii_array_entry (2018-12-04)
Bugzilla: CVE-2018-19490 gnuplot: heap-based buffer overflow in df_generate_ascii_array_entry [fedora-all] (2018-12-04)