Description: gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gnuplot (PTS) | buster | 5.2.6+dfsg1-1+deb10u1 | vulnerable |
| | sid, trixie, bookworm | 5.4.4+dfsg1-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|

Notes (5.5)
No security impact, gnuplot can execute arbitrary commands and need to
come from a trusted source, see (added in 5.2.6).
