Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31179 (GCVE-0-2025-31179)
Vulnerability from cvelistv5
Published
2025-03-27 15:08
Modified
2025-05-07 21:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
References
| ► | URL | Tags | |
|---|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► |
Version: 0 ≤ |
||||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:21:19.028920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:23:33.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://sourceforge.net/projects/gnuplot/",
"defaultStatus": "unaffected",
"packageName": "gnuplot",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ChenYiFan Liu for reporting this issue."
}
],
"datePublic": "2025-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:27:54.718Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-31179"
},
{
"name": "RHBZ#2355340",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355340"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-27T14:09:54.174000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-03-27T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gnuplot: gnuplot segmentation fault on xstrftime",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability"
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-31179",
"datePublished": "2025-03-27T15:08:36.013Z",
"dateReserved": "2025-03-27T14:08:08.893Z",
"dateUpdated": "2025-05-07T21:27:54.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31179\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-03-27T15:16:03.390\",\"lastModified\":\"2025-07-30T19:40:02.973\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en gnuplot. La funci\u00f3n xstrftime() puede generar un error de segmentaci\u00f3n, lo que provoca un bloqueo del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"DD568251-8BE1-47F8-9126-1C988941DD73\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-31179\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2355340\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T15:21:19.028920Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T15:23:25.643Z\"}}], \"cna\": {\"title\": \"Gnuplot: gnuplot segmentation fault on xstrftime\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank ChenYiFan Liu for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0\", \"versionType\": \"semver\"}], \"packageName\": \"gnuplot\", \"collectionURL\": \"https://sourceforge.net/projects/gnuplot/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"gnuplot\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"gnuplot\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"gnuplot\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-27T14:09:54.174000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-03-27T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-03-27T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-31179\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2355340\", \"name\": \"RHBZ#2355340\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Currently, no mitigation is available for this vulnerability\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-05-07T21:27:54.718Z\"}, \"x_redhatCweChain\": \"CWE-476: NULL Pointer Dereference\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-31179\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-07T21:27:54.718Z\", \"dateReserved\": \"2025-03-27T14:08:08.893Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-03-27T15:08:36.013Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2025:15134-1
Vulnerability from csaf_opensuse
Published
2025-05-20 00:00
Modified
2025-05-20 00:00
Summary
gnuplot-6.0.2-3.1 on GA media
Notes
Title of the patch
gnuplot-6.0.2-3.1 on GA media
Description of the patch
These are all security issues fixed in the gnuplot-6.0.2-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15134
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gnuplot-6.0.2-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gnuplot-6.0.2-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15134",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15134-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15134-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4W7OHEOIGLIMCJQ3KKSEIFLCYP4GCXR7/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15134-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4W7OHEOIGLIMCJQ3KKSEIFLCYP4GCXR7/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31176 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31179 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3359/"
}
],
"title": "gnuplot-6.0.2-3.1 on GA media",
"tracking": {
"current_release_date": "2025-05-20T00:00:00Z",
"generator": {
"date": "2025-05-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15134-1",
"initial_release_date": "2025-05-20T00:00:00Z",
"revision_history": [
{
"date": "2025-05-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-6.0.2-3.1.aarch64",
"product": {
"name": "gnuplot-6.0.2-3.1.aarch64",
"product_id": "gnuplot-6.0.2-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-6.0.2-3.1.ppc64le",
"product": {
"name": "gnuplot-6.0.2-3.1.ppc64le",
"product_id": "gnuplot-6.0.2-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-6.0.2-3.1.s390x",
"product": {
"name": "gnuplot-6.0.2-3.1.s390x",
"product_id": "gnuplot-6.0.2-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-6.0.2-3.1.x86_64",
"product": {
"name": "gnuplot-6.0.2-3.1.x86_64",
"product_id": "gnuplot-6.0.2-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-6.0.2-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64"
},
"product_reference": "gnuplot-6.0.2-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-6.0.2-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le"
},
"product_reference": "gnuplot-6.0.2-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-6.0.2-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x"
},
"product_reference": "gnuplot-6.0.2-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-6.0.2-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
},
"product_reference": "gnuplot-6.0.2-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31176"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31176",
"url": "https://www.suse.com/security/cve/CVE-2025-31176"
},
{
"category": "external",
"summary": "SUSE Bug 1240325 for CVE-2025-31176",
"url": "https://bugzilla.suse.com/1240325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31176"
},
{
"cve": "CVE-2025-31177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31177"
}
],
"notes": [
{
"category": "general",
"text": "gnuplot is affected by a heap buffer overflow at function utf8_copy_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31177",
"url": "https://www.suse.com/security/cve/CVE-2025-31177"
},
{
"category": "external",
"summary": "SUSE Bug 1240326 for CVE-2025-31177",
"url": "https://bugzilla.suse.com/1240326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31177"
},
{
"cve": "CVE-2025-31178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31178",
"url": "https://www.suse.com/security/cve/CVE-2025-31178"
},
{
"category": "external",
"summary": "SUSE Bug 1240327 for CVE-2025-31178",
"url": "https://bugzilla.suse.com/1240327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31178"
},
{
"cve": "CVE-2025-31179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31179"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31179",
"url": "https://www.suse.com/security/cve/CVE-2025-31179"
},
{
"category": "external",
"summary": "SUSE Bug 1240328 for CVE-2025-31179",
"url": "https://bugzilla.suse.com/1240328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31179"
},
{
"cve": "CVE-2025-31180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31180",
"url": "https://www.suse.com/security/cve/CVE-2025-31180"
},
{
"category": "external",
"summary": "SUSE Bug 1240329 for CVE-2025-31180",
"url": "https://bugzilla.suse.com/1240329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31180"
},
{
"cve": "CVE-2025-31181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31181"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31181",
"url": "https://www.suse.com/security/cve/CVE-2025-31181"
},
{
"category": "external",
"summary": "SUSE Bug 1240330 for CVE-2025-31181",
"url": "https://bugzilla.suse.com/1240330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31181"
},
{
"cve": "CVE-2025-3359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3359"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3359",
"url": "https://www.suse.com/security/cve/CVE-2025-3359"
},
{
"category": "external",
"summary": "SUSE Bug 1241684 for CVE-2025-3359",
"url": "https://bugzilla.suse.com/1241684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.aarch64",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.ppc64le",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.s390x",
"openSUSE Tumbleweed:gnuplot-6.0.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3359"
}
]
}
suse-su-2025:01811-1
Vulnerability from csaf_suse
Published
2025-06-04 09:29
Modified
2025-06-04 09:29
Summary
Security update for gnuplot
Notes
Title of the patch
Security update for gnuplot
Description of the patch
This update for gnuplot fixes the following issues:
- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).
- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).
- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).
Patchnames
SUSE-2025-1811,SUSE-SLE-Module-Server-Applications-15-SP6-2025-1811,openSUSE-SLE-15.6-2025-1811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gnuplot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gnuplot fixes the following issues:\n\n- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).\n- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).\n- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).\n- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).\n- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).\n- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).\n- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1811,SUSE-SLE-Module-Server-Applications-15-SP6-2025-1811,openSUSE-SLE-15.6-2025-1811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01811-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01811-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501811-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01811-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040132.html"
},
{
"category": "self",
"summary": "SUSE Bug 1240325",
"url": "https://bugzilla.suse.com/1240325"
},
{
"category": "self",
"summary": "SUSE Bug 1240326",
"url": "https://bugzilla.suse.com/1240326"
},
{
"category": "self",
"summary": "SUSE Bug 1240327",
"url": "https://bugzilla.suse.com/1240327"
},
{
"category": "self",
"summary": "SUSE Bug 1240328",
"url": "https://bugzilla.suse.com/1240328"
},
{
"category": "self",
"summary": "SUSE Bug 1240329",
"url": "https://bugzilla.suse.com/1240329"
},
{
"category": "self",
"summary": "SUSE Bug 1240330",
"url": "https://bugzilla.suse.com/1240330"
},
{
"category": "self",
"summary": "SUSE Bug 1241684",
"url": "https://bugzilla.suse.com/1241684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31176 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31179 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3359/"
}
],
"title": "Security update for gnuplot",
"tracking": {
"current_release_date": "2025-06-04T09:29:55Z",
"generator": {
"date": "2025-06-04T09:29:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01811-1",
"initial_release_date": "2025-06-04T09:29:55Z",
"revision_history": [
{
"date": "2025-06-04T09:29:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"product_id": "gnuplot-5.4.3-150400.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.i586",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.i586",
"product_id": "gnuplot-5.4.3-150400.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"product": {
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"product_id": "gnuplot-doc-5.4.3-150400.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"product_id": "gnuplot-5.4.3-150400.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.s390x",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.s390x",
"product_id": "gnuplot-5.4.3-150400.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"product_id": "gnuplot-5.4.3-150400.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
},
"product_reference": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
},
"product_reference": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31176"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31176",
"url": "https://www.suse.com/security/cve/CVE-2025-31176"
},
{
"category": "external",
"summary": "SUSE Bug 1240325 for CVE-2025-31176",
"url": "https://bugzilla.suse.com/1240325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31176"
},
{
"cve": "CVE-2025-31177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31177"
}
],
"notes": [
{
"category": "general",
"text": "gnuplot is affected by a heap buffer overflow at function utf8_copy_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31177",
"url": "https://www.suse.com/security/cve/CVE-2025-31177"
},
{
"category": "external",
"summary": "SUSE Bug 1240326 for CVE-2025-31177",
"url": "https://bugzilla.suse.com/1240326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31177"
},
{
"cve": "CVE-2025-31178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31178",
"url": "https://www.suse.com/security/cve/CVE-2025-31178"
},
{
"category": "external",
"summary": "SUSE Bug 1240327 for CVE-2025-31178",
"url": "https://bugzilla.suse.com/1240327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31178"
},
{
"cve": "CVE-2025-31179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31179"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31179",
"url": "https://www.suse.com/security/cve/CVE-2025-31179"
},
{
"category": "external",
"summary": "SUSE Bug 1240328 for CVE-2025-31179",
"url": "https://bugzilla.suse.com/1240328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31179"
},
{
"cve": "CVE-2025-31180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31180",
"url": "https://www.suse.com/security/cve/CVE-2025-31180"
},
{
"category": "external",
"summary": "SUSE Bug 1240329 for CVE-2025-31180",
"url": "https://bugzilla.suse.com/1240329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31180"
},
{
"cve": "CVE-2025-31181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31181"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31181",
"url": "https://www.suse.com/security/cve/CVE-2025-31181"
},
{
"category": "external",
"summary": "SUSE Bug 1240330 for CVE-2025-31181",
"url": "https://bugzilla.suse.com/1240330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-31181"
},
{
"cve": "CVE-2025-3359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3359"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3359",
"url": "https://www.suse.com/security/cve/CVE-2025-3359"
},
{
"category": "external",
"summary": "SUSE Bug 1241684 for CVE-2025-3359",
"url": "https://bugzilla.suse.com/1241684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.aarch64",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.s390x",
"openSUSE Leap 15.6:gnuplot-5.4.3-150400.3.3.1.x86_64",
"openSUSE Leap 15.6:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T09:29:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-3359"
}
]
}
suse-su-2025:01811-2
Vulnerability from csaf_suse
Published
2025-07-16 14:49
Modified
2025-07-16 14:49
Summary
Security update for gnuplot
Notes
Title of the patch
Security update for gnuplot
Description of the patch
This update for gnuplot fixes the following issues:
- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).
- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).
- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).
Patchnames
SUSE-2025-1811,SUSE-SLE-Module-Server-Applications-15-SP7-2025-1811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gnuplot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gnuplot fixes the following issues:\n\n- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).\n- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).\n- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).\n- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).\n- CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329).\n- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).\n- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1811,SUSE-SLE-Module-Server-Applications-15-SP7-2025-1811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01811-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01811-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501811-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01811-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021834.html"
},
{
"category": "self",
"summary": "SUSE Bug 1240325",
"url": "https://bugzilla.suse.com/1240325"
},
{
"category": "self",
"summary": "SUSE Bug 1240326",
"url": "https://bugzilla.suse.com/1240326"
},
{
"category": "self",
"summary": "SUSE Bug 1240327",
"url": "https://bugzilla.suse.com/1240327"
},
{
"category": "self",
"summary": "SUSE Bug 1240328",
"url": "https://bugzilla.suse.com/1240328"
},
{
"category": "self",
"summary": "SUSE Bug 1240329",
"url": "https://bugzilla.suse.com/1240329"
},
{
"category": "self",
"summary": "SUSE Bug 1240330",
"url": "https://bugzilla.suse.com/1240330"
},
{
"category": "self",
"summary": "SUSE Bug 1241684",
"url": "https://bugzilla.suse.com/1241684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31176 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31179 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3359/"
}
],
"title": "Security update for gnuplot",
"tracking": {
"current_release_date": "2025-07-16T14:49:36Z",
"generator": {
"date": "2025-07-16T14:49:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01811-2",
"initial_release_date": "2025-07-16T14:49:36Z",
"revision_history": [
{
"date": "2025-07-16T14:49:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"product_id": "gnuplot-5.4.3-150400.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.i586",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.i586",
"product_id": "gnuplot-5.4.3-150400.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"product": {
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"product_id": "gnuplot-doc-5.4.3-150400.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"product_id": "gnuplot-5.4.3-150400.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.s390x",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.s390x",
"product_id": "gnuplot-5.4.3-150400.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"product": {
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"product_id": "gnuplot-5.4.3-150400.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-5.4.3-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64"
},
"product_reference": "gnuplot-5.4.3-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-doc-5.4.3-150400.3.3.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
},
"product_reference": "gnuplot-doc-5.4.3-150400.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31176"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31176",
"url": "https://www.suse.com/security/cve/CVE-2025-31176"
},
{
"category": "external",
"summary": "SUSE Bug 1240325 for CVE-2025-31176",
"url": "https://bugzilla.suse.com/1240325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31176"
},
{
"cve": "CVE-2025-31177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31177"
}
],
"notes": [
{
"category": "general",
"text": "gnuplot is affected by a heap buffer overflow at function utf8_copy_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31177",
"url": "https://www.suse.com/security/cve/CVE-2025-31177"
},
{
"category": "external",
"summary": "SUSE Bug 1240326 for CVE-2025-31177",
"url": "https://bugzilla.suse.com/1240326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31177"
},
{
"cve": "CVE-2025-31178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31178",
"url": "https://www.suse.com/security/cve/CVE-2025-31178"
},
{
"category": "external",
"summary": "SUSE Bug 1240327 for CVE-2025-31178",
"url": "https://bugzilla.suse.com/1240327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31178"
},
{
"cve": "CVE-2025-31179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31179"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31179",
"url": "https://www.suse.com/security/cve/CVE-2025-31179"
},
{
"category": "external",
"summary": "SUSE Bug 1240328 for CVE-2025-31179",
"url": "https://bugzilla.suse.com/1240328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31179"
},
{
"cve": "CVE-2025-31180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31180",
"url": "https://www.suse.com/security/cve/CVE-2025-31180"
},
{
"category": "external",
"summary": "SUSE Bug 1240329 for CVE-2025-31180",
"url": "https://bugzilla.suse.com/1240329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31180"
},
{
"cve": "CVE-2025-31181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31181"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31181",
"url": "https://www.suse.com/security/cve/CVE-2025-31181"
},
{
"category": "external",
"summary": "SUSE Bug 1240330 for CVE-2025-31181",
"url": "https://bugzilla.suse.com/1240330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-31181"
},
{
"cve": "CVE-2025-3359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3359"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3359",
"url": "https://www.suse.com/security/cve/CVE-2025-3359"
},
{
"category": "external",
"summary": "SUSE Bug 1241684 for CVE-2025-3359",
"url": "https://bugzilla.suse.com/1241684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-5.4.3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:gnuplot-doc-5.4.3-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-16T14:49:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-3359"
}
]
}
suse-su-2025:01805-1
Vulnerability from csaf_suse
Published
2025-06-03 11:57
Modified
2025-06-03 11:57
Summary
Security update for gnuplot
Notes
Title of the patch
Security update for gnuplot
Description of the patch
This update for gnuplot fixes the following issues:
- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).
- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).
- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).
- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).
Patchnames
SUSE-2025-1805,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1805
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gnuplot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gnuplot fixes the following issues:\n\n- CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327).\n- CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328).\n- CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330).\n- CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1805,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1805",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01805-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01805-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501805-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01805-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021080.html"
},
{
"category": "self",
"summary": "SUSE Bug 1240327",
"url": "https://bugzilla.suse.com/1240327"
},
{
"category": "self",
"summary": "SUSE Bug 1240328",
"url": "https://bugzilla.suse.com/1240328"
},
{
"category": "self",
"summary": "SUSE Bug 1240330",
"url": "https://bugzilla.suse.com/1240330"
},
{
"category": "self",
"summary": "SUSE Bug 1241684",
"url": "https://bugzilla.suse.com/1241684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31179 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3359/"
}
],
"title": "Security update for gnuplot",
"tracking": {
"current_release_date": "2025-06-03T11:57:53Z",
"generator": {
"date": "2025-06-03T11:57:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01805-1",
"initial_release_date": "2025-06-03T11:57:53Z",
"revision_history": [
{
"date": "2025-06-03T11:57:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.aarch64",
"product": {
"name": "gnuplot-4.6.5-3.9.1.aarch64",
"product_id": "gnuplot-4.6.5-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.i586",
"product": {
"name": "gnuplot-4.6.5-3.9.1.i586",
"product_id": "gnuplot-4.6.5-3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-doc-4.6.5-3.9.1.noarch",
"product": {
"name": "gnuplot-doc-4.6.5-3.9.1.noarch",
"product_id": "gnuplot-doc-4.6.5-3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.ppc64le",
"product": {
"name": "gnuplot-4.6.5-3.9.1.ppc64le",
"product_id": "gnuplot-4.6.5-3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.s390",
"product": {
"name": "gnuplot-4.6.5-3.9.1.s390",
"product_id": "gnuplot-4.6.5-3.9.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.s390x",
"product": {
"name": "gnuplot-4.6.5-3.9.1.s390x",
"product_id": "gnuplot-4.6.5-3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnuplot-4.6.5-3.9.1.x86_64",
"product": {
"name": "gnuplot-4.6.5-3.9.1.x86_64",
"product_id": "gnuplot-4.6.5-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnuplot-4.6.5-3.9.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
},
"product_reference": "gnuplot-4.6.5-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31178",
"url": "https://www.suse.com/security/cve/CVE-2025-31178"
},
{
"category": "external",
"summary": "SUSE Bug 1240327 for CVE-2025-31178",
"url": "https://bugzilla.suse.com/1240327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T11:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-31178"
},
{
"cve": "CVE-2025-31179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31179"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31179",
"url": "https://www.suse.com/security/cve/CVE-2025-31179"
},
{
"category": "external",
"summary": "SUSE Bug 1240328 for CVE-2025-31179",
"url": "https://bugzilla.suse.com/1240328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T11:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-31179"
},
{
"cve": "CVE-2025-31181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31181"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31181",
"url": "https://www.suse.com/security/cve/CVE-2025-31181"
},
{
"category": "external",
"summary": "SUSE Bug 1240330 for CVE-2025-31181",
"url": "https://bugzilla.suse.com/1240330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T11:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-31181"
},
{
"cve": "CVE-2025-3359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3359"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3359",
"url": "https://www.suse.com/security/cve/CVE-2025-3359"
},
{
"category": "external",
"summary": "SUSE Bug 1241684 for CVE-2025-3359",
"url": "https://bugzilla.suse.com/1241684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnuplot-4.6.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-03T11:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-3359"
}
]
}
ghsa-hm4c-83cp-q77m
Vulnerability from github
Published
2025-03-27 15:31
Modified
2025-03-27 15:31
Severity ?
VLAI Severity ?
Details
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
{
"affected": [],
"aliases": [
"CVE-2025-31179"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T15:16:03Z",
"severity": "MODERATE"
},
"details": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
"id": "GHSA-hm4c-83cp-q77m",
"modified": "2025-03-27T15:31:14Z",
"published": "2025-03-27T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-31179"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355340"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2025-31179
Vulnerability from fkie_nvd
Published
2025-03-27 15:16
Modified
2025-07-30 19:40
Severity ?
Summary
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-31179 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2355340 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnuplot | gnuplot | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD568251-8BE1-47F8-9126-1C988941DD73",
"versionEndExcluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en gnuplot. La funci\u00f3n xstrftime() puede generar un error de segmentaci\u00f3n, lo que provoca un bloqueo del sistema."
}
],
"id": "CVE-2025-31179",
"lastModified": "2025-07-30T19:40:02.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2025-03-27T15:16:03.390",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-31179"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355340"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…