CVE-2018-19490

Priority
Description
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows
an attacker to conduct a heap-based buffer overflow with an arbitrary
amount of data in df_generate_ascii_array_entry. To exploit this
vulnerability, an attacker must pass an overlong string as the right bound
of the range argument that is passed to the plot function.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (4.6.6-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-09-26 02:16:18 UTC (commit dabd3af71e401b9fb6a4a072047eea5835e510be)