Gnuplot Project: Security Vulnerabilities
gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-05
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-05-03
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-09-16
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-06-15