1. Home
  2. CVE Database
  3. CVE-2018-19490
HIGH · 7.8

CVE-2018-19490

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To expl...

Vulnerability Description

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GnuplotGnuplot5.2.5
DebianDebian Linux8.0
OpensuseLeap15.0

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2018-19490?

CVE-2018-19490 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To expl...

How severe is CVE-2018-19490?

CVE-2018-19490 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19490?

Check the references section above for vendor advisories and patch information. Affected products include: Gnuplot Gnuplot, Debian Debian Linux, Opensuse Leap.