CVE-2025-3359 — Improper Check for Unusual or Exceptional Conditions in Gnuplot

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 71.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnuplot Debian Gnuplot Msrc Cbl2 Hyperv-daemons 5.15.118.1-1 ON CBL Mariner 2.0 +6 more

Timeline

PublishedApr 7

Latest updateSep 25

Description

A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages9 packages

▶Ubuntugnuplot/gnuplot< 4.6.4-2ubuntu0.1~esm2+5

▶debiandebian/gnuplot

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

▶msrcmsrc/cbl_mariner_2.0_arm

🔴Vulnerability Details

OSV

gnuplot vulnerabilities↗2025-09-25

▶

OSV

CVE-2025-3359: A flaw was found in GNUPlot↗2025-04-07

▶

GHSA

GHSA-779c-58c4-6v6c: A flaw was found in GNUPlot↗2025-04-07

▶

📋Vendor Advisories

Ubuntu

Gnuplot vulnerabilities↗2025-09-25

▶

Red Hat

gnuplot: Segmentation fault via IO_str_init_static_internal function↗2025-04-07

▶

Debian

CVE-2025-3359: gnuplot - A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_interna...↗2025

▶

Microsoft

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.↗2023-06-13

▶