CVE-2017-9670

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-9670

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9670.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-9670

Related

Published

2017-06-15T13:29:00Z

Modified

2025-04-20T01:37:25Z

Downstream

SUSE-SU-2020:1660-1

openSUSE-SU-2024:10800-1

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An uninitialized stack variable vulnerability in loadticseries() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.

References

Affected packages

Debian:11 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.5+dfsg1-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.5+dfsg1-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gnuplot

Package

Name: gnuplot
Purl: pkg:deb/debian/gnuplot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.5+dfsg1-7

Ecosystem specific

{
    "urgency": "unimportant"
}