VDB
CVE-2018-19491
CVE-2018-19491
PUBLISHED
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
EPSS 0.22% · 44.9th percentile
Risk Scores
EPSS Score
0.22%
44.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | gnuplot5 | 5.0.3+dfsg1-2, *, 5.0.3+dfsg2-1 |
| Ubuntu:Pro:14.04:LTS | gnuplot | 0, 4.6.3-2, 4.6.4-2 |
| Ubuntu:Pro:18.04:LTS | gnuplot | 5.2.2+dfsg1-2ubuntu1, 0, 5.0.7+dfsg1-1 |
| Ubuntu:16.04:LTS | gnuplot | 4.6.6-3, 4.6.6-2, 0 |
Exploit Intelligence
- https://sourceforge.net/p/gnuplot/bugs/2094/ (nist-nvd)
- https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ (circl)
- [debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update (circl)
- [debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update (circl)
- openSUSE-SU-2019:1216 (circl)
- USN-4541-1 (circl)
Timeline
- Nov 23, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-19491 third-party-advisory
- https://sourceforge.net/p/gnuplot/bugs/2094/ third-party-advisory
- https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ third-party-advisory
- https://ubuntu.com/security/notices/USN-4541-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-19491 third-party-advisory
- https://ubuntu.com/security/notices/USN-7589-1 vendor-advisory