Bug#985248: gnuplot: format string bug in PS_load_fontfile()
Wooseok Kang
kangwoosuk1 at gmail.com
Mon Mar 15 02:33:00 GMT 2021
Package: gnuplot
Version: 5.4.1+dfsg1-1
Severity: normal
X-Debbugs-Cc: kangwoosuk1 at gmail.com
Dear Maintainer,
In gnuplot, there is a format string vulnerability
that can lead to read and write arbitrary memory values.
In term/post.trm, the program get string from getenv() and pass it to sprintf() directly in line 1420.
This causes the format string bug which can crash the program.
1420 envcmd = getenv("GNUPLOT_TTFTOPFA");
1421 if (envcmd != NULL)
1422 sprintf(cmd,envcmd,current_ps_fontfile->fontfile_fullname);
Thank you.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.72-microsoft-standard-WSL2 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages gnuplot depends on:
ii gnuplot-qt [gnuplot-x11] 5.4.1+dfsg1-1
gnuplot recommends no packages.
Versions of packages gnuplot suggests:
pn gnuplot-doc <none>
-- no debconf information
More information about the debian-science-maintainers
mailing list