CVE-2020-25412 — Out-of-bounds Write in Gnuplot

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

9.8CRITICALNVD

OSV7.8

EPSS

0.6%

top 30.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnuplot Debian Gnuplot

Timeline

PublishedSep 16

Latest updateJun 23

Description

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/gnuplot< gnuplot 6.0.0+dfsg1-1 (forky)

▶Debiangnuplot/gnuplot< 6.0.0+dfsg1-1+1

▶Ubuntugnuplot/gnuplot< 4.6.4-2ubuntu0.1~esm1+3

▶NVDgnuplot/gnuplot5.4.0

🔴Vulnerability Details

OSV

gnuplot vulnerabilities↗2025-06-23

▶

GHSA

GHSA-fw2x-mx3p-5gr5: gnuplot 5↗2022-05-24

▶

OSV

CVE-2020-25412: com_line() in command↗2020-09-16

▶

📋Vendor Advisories

Ubuntu

Gnuplot vulnerabilities↗2025-06-23

▶

Red Hat

gnuplot: out-of-bounds-write from strncpy() may lead to arbitrary code execution↗2020-09-16

▶

Debian

CVE-2020-25412: gnuplot - com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strn...↗2020

▶

💬Community

Bugzilla

CVE-2020-25412 gnuplot: segmentation fault in com_line () at command.c may lead to arbitrary code execution [fedora-all]↗2020-09-24

▶

Bugzilla

CVE-2020-25412 gnuplot: out-of-bounds-write from strncpy() may lead to arbitrary code execution↗2020-09-24

▶