UbuntuUpdates.org

Package "gnuplot-qt"

Name: gnuplot-qt

Description:

Command-line driven interactive plotting program. QT-package

Latest version: 6.0.2+dfsg1-1ubuntu0.1
Release: plucky (25.04)
Level: security
Repository: universe
Head package: gnuplot
Homepage: https://gnuplot.sourceforge.net/

Other versions of "gnuplot-qt" in Plucky

Repository  Area      Version
base        universe  6.0.2+dfsg1-1
updates     universe  6.0.2+dfsg1-1ubuntu0.1

Changelog

Version: 6.0.2+dfsg1-1ubuntu0.1 2025-09-25 04:06:59 UTC

  gnuplot (6.0.2+dfsg1-1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-3359.patch: Refactor font name parsing to
      prevent off by one error
    - debian/patches/CVE-2025-31176.patch: Add extra guard to prevent
      invalid read from plot->labels
    - debian/patches/CVE-2025-31178.patch: Use snprintf to protect
      against garbage user-supplied mouse format
    - debian/patches/CVE-2025-31179.patch: Add guard against trying to
      format a huge number as a time
    - debian/patches/CVE-2025-31180.patch: Handle nonlinear x2 or y2 axis
      with an incomplete definition
    - debian/patches/CVE-2025-31181.patch: Protect against double fclose()
      if two errors occur in a row
    - CVE-2025-3359
    - CVE-2025-31176
    - CVE-2025-31178
    - CVE-2025-31179
    - CVE-2025-31180
    - CVE-2025-31181
  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2025-31177.patch: Add extra guard against y
      bound of dumb terminal charcell array
    - CVE-2025-31177

 -- Bruce Cable <email address hidden> Wed, 03 Sep 2025 10:37:37 +1000

CVE-2025-3359 A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
CVE-2025-31176 A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31178 A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31179 A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVE-2025-31180 A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31181 A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31177 gnuplot is affected by a heap buffer overflow at function utf8_copy_one.


