
Ubuntu 20.04: USN-7589-1 important: Gnuplot buffer overflow

June 24, 2025
Multiple security flaws in Gnuplot were addressed for Ubuntu 14.04 LTS and 20.04 LTS; installing the updates is recommended.

Summary

Several security issues were fixed in Gnuplot.

Software Description:

- gnuplot: A portable command-line driven graphing utility.

Details:

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo, and Nils Bars
discovered that Gnuplot had several memory-related issues. An
attacker could possibly use these issues to cause Gnuplot to
experience a buffer overflow, resulting in a denial of service or
arbitrary code execution. These issues only affected Ubuntu
14.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19490, CVE-2018-19491,
CVE-2018-19492)

It was discovered that Gnuplot could write out-of-bounds due to
the use of strncpy(). An attacker could possibly use this issue
to enable the execution of arbitrary code. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-25412)

It was discovered that Gnuplot incorrectly freed memory when
executing print_set_output(). An attacker could possibly use this
issue to enable the execution of arbitrary code. (CVE-2020-25559)

It was discovered that Gnuplot'...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  gnuplot                         5.2.8+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-data                    5.2.8+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-nox                     5.2.8+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-qt                      5.2.8+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-x11                     5.2.8+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  gnuplot                         5.2.2+dfsg1-2ubuntu1+esm1
                                  Available with Ubuntu Pro
  gnuplot-data                    5.2.2+dfsg1-2ubuntu1+esm1
                                  Available with Ubuntu Pro
  gnuplot-nox                     5.2.2+dfsg1-2ubuntu1+esm1
                                  Available with Ubuntu Pro
  gnuplot-qt                      5.2.2+dfsg1-2ubuntu1+esm1
                                  Available with Ubuntu Pro
  gnuplot-x11                     5.2.2+dfsg1-2ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gnuplot                         4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  gnuplot-data                    4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  gnuplot-nox                     4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  gnuplot-qt                      4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  gnuplot-tex                     4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  gnuplot-x11                     4.6.6-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  gnuplot                         4.6.4-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-nox                     4.6.4-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-qt                      4.6.4-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  gnuplot-x11                     4.6.4-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary
changes.
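
To confirm that a host actually received the versions listed above, the following added example (not part of the advisory) compares installed gnuplot packages against the fixed version for the host's release using dpkg's own version ordering. The function names and the `--check` argument are this example's own; it assumes `dpkg` and `dpkg-query` are available.

```bash
#!/usr/bin/env bash
# Added example: check installed gnuplot packages against USN-7589-1.
# Function names are hypothetical; versions are copied from the advisory.

# Fixed version per Ubuntu release, from the Update Instructions table.
fixed_version() {
  case "$1" in
    20.04) echo '5.2.8+dfsg1-2ubuntu0.1~esm1' ;;
    18.04) echo '5.2.2+dfsg1-2ubuntu1+esm1' ;;
    16.04) echo '4.6.6-3ubuntu0.1+esm1' ;;
    14.04) echo '4.6.4-2ubuntu0.1~esm1' ;;
    *) return 1 ;;   # release not listed in this advisory
  esac
}

# package_status RELEASE INSTALLED_VERSION
# Prints: patched | vulnerable | unknown-release
package_status() {
  local fixed
  fixed=$(fixed_version "$1") || { echo unknown-release; return 0; }
  # dpkg applies Debian version ordering ('~' sorts before end of string,
  # '+' and letters sort after it), so plain string comparison is not enough.
  if dpkg --compare-versions "$2" ge "$fixed"; then
    echo patched
  else
    echo vulnerable
  fi
}

# Report the status of every installed gnuplot* package on this host.
check_host() {
  local release pkg ver status
  release=$(. /etc/os-release && echo "$VERSION_ID")
  dpkg-query -W -f='${Package} ${Version} ${Status}\n' 'gnuplot*' 2>/dev/null |
  while read -r pkg ver status; do
    case "$status" in
      *" ok installed") ;;   # skip removed or config-files-only entries
      *) continue ;;
    esac
    printf '%-14s %-34s %s\n' "$pkg" "$ver" "$(package_status "$release" "$ver")"
  done
}

# Run as: ./check-gnuplot.sh --check   (sourcing the file only defines functions)
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Because every fixed version is marked "Available with Ubuntu Pro", a host reported as vulnerable after a standard update most likely has no ESM repository enabled.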

References

https://ubuntu.com/security/notices/USN-7589-1

CVE-2018-19490, CVE-2018-19491, CVE-2018-19492, CVE-2020-25412, CVE-2020-25559, CVE-2020-25969, CVE-2021-44917

Severity
important

Ubuntu Security Notice USN-7589-1
