CVE-2020-25559 — Double Free in Gnuplot

CWE-415 — Double Free9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 39.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnuplot Debian Gnuplot

Timeline

PublishedSep 16

Latest updateJun 23

Description

gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/gnuplot< gnuplot 6.0.0+dfsg1-1 (forky)

▶Debiangnuplot/gnuplot< 6.0.0+dfsg1-1+1

▶Ubuntugnuplot/gnuplot< 4.6.4-2ubuntu0.1~esm1+3

▶NVDgnuplot/gnuplot5.5.0

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

OSV

gnuplot vulnerabilities↗2025-06-23

▶

GHSA

GHSA-v6mq-89c8-6ff4: gnuplot 5↗2022-05-24

▶

OSV

CVE-2020-25559: gnuplot 5↗2020-09-16

▶

📋Vendor Advisories

Ubuntu

Gnuplot vulnerabilities↗2025-06-23

▶

Red Hat

gnuplot: double free when executing print_set_output may lead to arbitrary code execution↗2020-09-16

▶

Debian

CVE-2020-25559: gnuplot - gnuplot 5.5 is affected by double free when executing print_set_output. This may...↗2020

▶

💬Community

Bugzilla

CVE-2020-25559 gnuplot: double free when executing print_set_output may lead to arbitrary code execution↗2020-09-24

▶

Bugzilla

CVE-2020-25559 gnuplot: double free when executing print_set_output may lead to arbitrary code execution [fedora-all]↗2020-09-24

▶