A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.
URL says this is patched but can't tell if it's made it into a release yet.
I wonder why this would be labelled as a security vulnerability? It is simply a bug.
Gnuplot is a Turing complete language and the user is not supposed to execute scripts of unknown origin.
(In reply to John Helmert III from comment #0)
> URL says this is patched but can't tell if it's made it into a release yet.
Yeah, this will be fixed after the next upstream release. Backporting the patch doesn't make much sense for a problem that has no practical relevance (it is triggered when setting character size to zero and font size to infinity.)
Fixed upstream in gnuplot-5.4.3.
This version is already stable, and older versions have been dropped.