What is the severity of USN-4541-1?

The severity of USN-4541-1 is categorized as high due to the potential for a heap buffer overflow that could lead to a denial of service.

How do I fix USN-4541-1?

To fix USN-4541-1, upgrade the affected packages to version 4.6.6-3ubuntu0.1 on Ubuntu 16.04.

Which versions of Gnuplot are affected by USN-4541-1?

USN-4541-1 affects all versions of Gnuplot below 4.6.6-3ubuntu0.1 on Ubuntu 16.04.

What is the cause of the vulnerability referenced in USN-4541-1?

The cause of the vulnerability in USN-4541-1 is improper validation of string sizes in the df_generate_ascii_array_entry function.

What products are impacted by USN-4541-1?

The products impacted by USN-4541-1 include gnuplot, gnuplot-data, gnuplot-nox, gnuplot-qt, gnuplot-tex, and gnuplot-x11 on Ubuntu 16.04.

Vulnerability/
USN-4541-1

CWE

119

25/9/2020

USN-4541-1: Gnuplot vulnerabilities

First published: Fri Sep 25 2020(Updated: )

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19490) Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the PS_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19491) Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the cairotrm_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19492)

Affected Software	Affected Version	How to fix
All of
ubuntu/gnuplot	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04
All of
ubuntu/gnuplot-data	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04
All of
ubuntu/gnuplot-nox	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04
All of
ubuntu/gnuplot-qt	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04
All of
ubuntu/gnuplot-tex	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04
All of
ubuntu/gnuplot-x11	<4.6.6-3ubuntu0.1	4.6.6-3ubuntu0.1
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-4541-1?
The severity of USN-4541-1 is categorized as high due to the potential for a heap buffer overflow that could lead to a denial of service.
How do I fix USN-4541-1?
To fix USN-4541-1, upgrade the affected packages to version 4.6.6-3ubuntu0.1 on Ubuntu 16.04.
Which versions of Gnuplot are affected by USN-4541-1?
USN-4541-1 affects all versions of Gnuplot below 4.6.6-3ubuntu0.1 on Ubuntu 16.04.
What is the cause of the vulnerability referenced in USN-4541-1?
The cause of the vulnerability in USN-4541-1 is improper validation of string sizes in the df_generate_ascii_array_entry function.
What products are impacted by USN-4541-1?
The products impacted by USN-4541-1 include gnuplot, gnuplot-data, gnuplot-nox, gnuplot-qt, gnuplot-tex, and gnuplot-x11 on Ubuntu 16.04.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/references
agent/weakness
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/16.04