Bugzilla – Bug 1117465
VUL-1: CVE-2018-19490: gnuplot: an attacker can conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry
Last modified: 2020-07-13 12:31:47 UTC
CVE-2018-19490 An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19490 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19490.html http://www.cvedetails.com/cve/CVE-2018-19490/ https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html https://sourceforge.net/p/gnuplot/bugs/2093/ https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
Same upstream patch [0] for gnuplot 5.2 as bsc#1117463 and bsc#1117464. In this case the changes to df_generate_ascii_array_entry are significant. [0] https://sourceforge.net/p/gnuplot/gnuplot-main/ci/e3cc539c23ceb1640395236248f0ab5a26397557/
df_generate_ascii_array_entry means the changes in datafile.c
only one codestream seems to be affected: - SUSE:SLE-15:Update/gnuplot the function df_generate_ascii_array_entry is missing in sle-12 and before
SUSE-SU-2019:0904-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1117463,1117464,1117465 CVE References: CVE-2018-19490,CVE-2018-19491,CVE-2018-19492 Sources used: SUSE Linux Enterprise Module for Server Applications 15 (src): gnuplot-5.2.2-3.3.29 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1216-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1117463,1117464,1117465 CVE References: CVE-2018-19490,CVE-2018-19491,CVE-2018-19492 Sources used: openSUSE Leap 15.0 (src): gnuplot-5.2.2-lp150.3.3.1
Fix had reached products
SUSE-SU-2020:14388-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1044638,1117463,1117464,1117465,375175 CVE References: CVE-2017-9670,CVE-2018-19490,CVE-2018-19491,CVE-2018-19492 Sources used: SUSE Linux Enterprise Debuginfo 11-SP4 (src): gnuplot-4.2.3-7.3.22 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1660-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1044638,1117463,1117464,1117465 CVE References: CVE-2017-9670,CVE-2018-19490,CVE-2018-19491,CVE-2018-19492 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): gnuplot-4.6.5-3.3.74 SUSE Linux Enterprise Server 12-SP4 (src): gnuplot-4.6.5-3.3.74 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done