Package gnuplot updated to version 5.4.0-alt2 for branch sisyphus in task 261537.

Published: 2020-09-16
Modified: 2024-11-21

CVE-2020-25412

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-09-16
Modified: 2024-11-21

CVE-2020-25559

gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.0