CVE-2018-19490
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
Se ha descubierto un problema en Gnuplot 5.2.5. Este problema permite a un atacante realizar un desbordamiento de búfer basado en memoria dinámica (heap) con una cantidad arbitraria de datos en df_generate_ascii_array_entry. Para explotar esta vulnerabilidad, un atacante deberá pasar una cadena demasiada larga como el límite correcto del argumento range que se pasa a la función plot.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-23 CVE Reserved
- 2018-11-23 CVE Published
- 2023-11-17 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://sourceforge.net/p/gnuplot/bugs/2093 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949 | 2020-09-28 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00066.html | 2020-09-28 | |
https://usn.ubuntu.com/4541-1 | 2020-09-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnuplot Search vendor "Gnuplot" | Gnuplot Search vendor "Gnuplot" for product "Gnuplot" | 5.2.5 Search vendor "Gnuplot" for product "Gnuplot" and version "5.2.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
|