CVE-2025-31179NULL Pointer Dereference in Gnuplot

CWE-476NULL Pointer Dereference8 documents7 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 89.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GnuplotDebian GnuplotMsrc Azl3 Gnuplot 5.4.8-1 ON Azure Linux 3.0+1 more
Timeline
PublishedMar 27
Latest updateSep 25

Description

A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages5 packages

NVDgnuplot/gnuplot< 6.0.0
Ubuntugnuplot/gnuplot< 4.6.4-2ubuntu0.1~esm2+5

🔴Vulnerability Details

3
OSV
gnuplot vulnerabilities2025-09-25
GHSA
GHSA-hm4c-83cp-q77m: A flaw was found in gnuplot2025-03-27
OSV
CVE-2025-31179: A flaw was found in gnuplot2025-03-27

📋Vendor Advisories

4
Ubuntu
Gnuplot vulnerabilities2025-09-25
Red Hat
gnuplot: gnuplot segmentation fault on xstrftime2025-03-27
Microsoft
Gnuplot: gnuplot segmentation fault on xstrftime2025-03-11
Debian
CVE-2025-31179: gnuplot - A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation...2025
CVE-2025-31179 — NULL Pointer Dereference in Gnuplot | cvebase