UbuntuUpdates.org

Package "gnuplot"

Name: gnuplot

Description:

Command-line driven interactive plotting program.
Latest version: 6.0.2+dfsg1-1ubuntu0.1
Release: plucky (25.04)
Level: updates
Repository: universe
Homepage: https://gnuplot.sourceforge.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gnuplot"

All arch deb package
APT INSTALL

Other versions of "gnuplot" in Plucky

Repository Area Version
base universe 6.0.2+dfsg1-1
security universe 6.0.2+dfsg1-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 6.0.2+dfsg1-1ubuntu0.1 2025-09-25 06:07:01 UTC

  gnuplot (6.0.2+dfsg1-1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-3359.patch: Refactor font name parsing to
      prevent off by one error
    - debian/patches/CVE-2025-31176.patch: Add extra guard to prevent
      invalid read from plot->labels
    - debian/patches/CVE-2025-31178.patch: Use snprintf to protect
      against garbage user-supplied mouse format
    - debian/patches/CVE-2025-31179.patch: Add guard against trying to
      format a huge number as a time
    - debian/patches/CVE-2025-31180.patch: Handle nonlinear x2 or y2 axis
      with an incomplete definition
    - debian/patches/CVE-2025-31181.patch: Protect against double fclose()
      if two errors occur in a row
    - CVE-2025-3359
    - CVE-2025-31176
    - CVE-2025-31178
    - CVE-2025-31179
    - CVE-2025-31180
    - CVE-2025-31181
  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2025-31177.patch: Add extra guard against y
      bound of dumb terminal charcell array
    - CVE-2025-31177

 -- Bruce Cable <email address hidden> Wed, 03 Sep 2025 10:37:37 +1000
CVE-2025-3359 A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
CVE-2025-31176 A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31178 A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31179 A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVE-2025-31180 A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31181 A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31177 gnuplot is affected by a heap buffer overflow at function utf8_copy_one.


About   -   Send Feedback to @ubuntu_updates