Overview

File _patchinfo of Package patchinfo.38683

<patchinfo incident="38683">
  <issue tracker="bnc" id="1241684">VUL-0: CVE-2025-3359: gnuplot: gnuplot: Segmentation fault via IO_str_init_static_internal function</issue>
  <issue tracker="bnc" id="1240328">VUL-0: CVE-2025-31179: gnuplot: segmentation fault on xstrftime</issue>
  <issue tracker="bnc" id="1240325">VUL-0: CVE-2025-31176: gnuplot: segmentation fault on plot3d_points</issue>
  <issue tracker="bnc" id="1240329">VUL-0: CVE-2025-31180: gnuplot: segmentation fault on CANVAS_text</issue>
  <issue tracker="bnc" id="1240330">VUL-0: CVE-2025-31181: gnuplot: segmentation fault on X11_graphics</issue>
  <issue tracker="bnc" id="1240326">VUL-0: CVE-2025-31177: gnuplot: heap-buffer overflow on utf8_copy_one</issue>
  <issue tracker="bnc" id="1240327">VUL-0: CVE-2025-31178: gnuplot: segmentation fault on GetAnnotateString</issue>
  <issue tracker="cve" id="2025-31180"/>
  <issue tracker="cve" id="2025-31178"/>
  <issue tracker="cve" id="2025-31176"/>
  <issue tracker="cve" id="2025-31179"/>
  <issue tracker="cve" id="2025-3359"/>
  <issue tracker="cve" id="2025-31181"/>
  <issue tracker="cve" id="2025-31177"/>
  <packager>WernerFink</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for gnuplot</summary>
  <description>This update for gnuplot fixes the following issues:

- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).
- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).
- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places