Main Vulnerability Database Vulnerabilities #VU47052

#VU47052 Buffer overflow in Gnuplot - CVE-2020-25412

Published: September 16, 2020 / Updated: September 24, 2020

Vulnerability identifier: #VU47052

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-25412

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gnuplot

Software vendor:
Gnuplot

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the com_line() function in command.c. A remote attacker can trick the victim to open a specially crafted file with the application, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://sourceforge.net/p/gnuplot/bugs/2303/

#VU47052 Buffer overflow in Gnuplot - CVE-2020-25412

Description

Remediation

External links

Please verify you're human