SUSE-SU-2025:01811-2

CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8copyone (bsc#1240326).
CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).
CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).

References

Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 SP7

gnuplot

Name: gnuplot
Purl: pkg:rpm/suse/gnuplot&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.3-150400.3.3.1

{
    "binaries": [
        {
            "gnuplot-doc": "5.4.3-150400.3.3.1",
            "gnuplot": "5.4.3-150400.3.3.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01811-2.json"

gnuplot-doc

Name: gnuplot-doc
Purl: pkg:rpm/suse/gnuplot-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.3-150400.3.3.1

{
    "binaries": [
        {
            "gnuplot-doc": "5.4.3-150400.3.3.1",
            "gnuplot": "5.4.3-150400.3.3.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01811-2.json"