Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 623204 (CVE-2017-9670) - <sci-visualization/gnuplot-5.2.2: Uninitialized stack variable in load_tic_series()
Summary: <sci-visualization/gnuplot-5.2.2: Uninitialized stack variable in load_tic_se...
Status: RESOLVED INVALID
Alias: CVE-2017-9670
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [stable? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-30 21:38 UTC by Volkan
Modified: 2017-11-19 19:04 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-06-30 21:38:19 UTC 
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.

Upstream bug:

https://sourceforge.net/p/gnuplot/bugs/1933/
Comment 1 Christoph Junghans (RETIRED) gentoo-dev 2017-06-30 21:50:21 UTC 
It seems gnuplot-5.2.rc1 was never added to gx86.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-27 00:09:41 UTC 
@Maintainers, 5.2 was released in September, could you please confirm if the fix is available?

Thank you
Comment 3 Ulrich Müller gentoo-dev 2017-11-19 17:23:24 UTC 
I have just committed sci-visualization/gnuplot-5.2.2 and I have verified that it contains the fix attached to the upstream bug:
https://sourceforge.net/p/gnuplot/bugs/1933/


(In reply to Christoph Junghans from comment #1)
> It seems gnuplot-5.2.rc1 was never added to gx86.

Right, and the 5.0 series did not yet support the "set ttics" command. The only version that was affected was the live ebuild (5.1.9999) which never had any keywords (and is gone by now).