Описание
Security update for gnuplot
This update for gnuplot fixes the following issues:
Security issues fixed:
- CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463)
- CVE-2018-19491: Fixed a buffer overlow in the PS_options function (bsc#1117464)
- CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:1216-1
- SUSE Security Ratings
- SUSE Bug 1117463
- SUSE Bug 1117464
- SUSE Bug 1117465
- SUSE CVE CVE-2018-19490 page
- SUSE CVE CVE-2018-19491 page
- SUSE CVE CVE-2018-19492 page
Описание
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
Затронутые продукты
Ссылки
- CVE-2018-19490
- SUSE Bug 1117465
Описание
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
Затронутые продукты
Ссылки
- CVE-2018-19491
- SUSE Bug 1117464
Описание
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
Затронутые продукты
Ссылки
- CVE-2018-19492
- SUSE Bug 1117463