An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds write from strncpy() that may lead to arbitrary code execution.
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.011
gnuplot 5.5 is affected by a double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.004