Description: An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1595-1, DLA-1597-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release              Version                     Status
gnuplot (PTS)     jessie               4.6.6-2                     vulnerable
                  jessie (security)    4.6.6-2+deb8u1              fixed
                  buster, sid          5.2.6+dfsg1-1               vulnerable
gnuplot5 (PTS)    jessie               5.0.0~rc+dfsg2-1            vulnerable
                  jessie (security)    5.0.0~rc+dfsg2-1+deb8u1     fixed

The information below is based on the following data on fixed versions.

Package    Type    Release    Fixed Version    Urgency    Origin    Debian Bugs

No security impact, neutralised by toolchain hardening
No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
see (added in 5.2.6)
