Описание
Security update for gnuplot
This update for gnuplot fixes the following issues:
- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).
- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).
- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP6
gnuplot-5.4.3-150400.3.3.1
gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6
gnuplot-5.4.3-150400.3.3.1
gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- Link for SUSE-SU-2025:01811-1
- E-Mail link for SUSE-SU-2025:01811-1
- SUSE Security Ratings
- SUSE Bug 1240325
- SUSE Bug 1240326
- SUSE Bug 1240327
- SUSE Bug 1240328
- SUSE Bug 1240329
- SUSE Bug 1240330
- SUSE Bug 1241684
- SUSE CVE CVE-2025-31176 page
- SUSE CVE CVE-2025-31177 page
- SUSE CVE CVE-2025-31178 page
- SUSE CVE CVE-2025-31179 page
- SUSE CVE CVE-2025-31180 page
- SUSE CVE CVE-2025-31181 page
- SUSE CVE CVE-2025-3359 page
Описание
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31176
- SUSE Bug 1240325
Описание
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31177
- SUSE Bug 1240326
Описание
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31178
- SUSE Bug 1240327
Описание
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31179
- SUSE Bug 1240328
Описание
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31180
- SUSE Bug 1240329
Описание
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-31181
- SUSE Bug 1240330
Описание
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1
openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1
Ссылки
- CVE-2025-3359
- SUSE Bug 1241684