CVE-2021-44917: A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. URL says this is patched but can't tell if it's made it into a release yet.
I wonder why this would be labelled as a security vulnerability? It is simply a bug. Gnuplot is a Turing complete language and the user is not supposed to execute scripts of unknown origin. (In reply to John Helmert III from comment #0) > URL says this is patched but can't tell if it's made it into a release yet. Yeah, this will be fixed after the next upstream release. Backporting the patch doesn't make much sense for a problem that has no practical relevance (it is triggered when setting character size to zero and font size to infinity.)
Fixed upstream in gnuplot-5.4.3. This version is already stable, and older versions have been dropped.
Ping. Can this be closed, or is any further action required on this bug?
