|Description||An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|Release||Version||Status|
|bookworm, sid, trixie||5.4.4+dfsg1-2||vulnerable|
The information below is based on the following data on fixed versions.
No security impact, neutralised by toolchain hardening
No security impact: gnuplot can execute arbitrary commands and its input needs to come from a trusted source; see README.Debian.security (added in 5.2.6)