1. Home
  2. CVE Database
  3. CVE-2018-19491
HIGH · 7.8

CVE-2018-19491

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a m...

Vulnerability Description

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GnuplotGnuplot5.2.5
DebianDebian Linux8.0
OpensuseLeap15.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2018-19491?

CVE-2018-19491 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a m...

How severe is CVE-2018-19491?

CVE-2018-19491 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19491?

Check the references section above for vendor advisories and patch information. Affected products include: Gnuplot Gnuplot, Debian Debian Linux, Opensuse Leap.