CVE-2017-9670
HIGHgnuplot 5.2.rc1 - Denial of Service via Crafted File in load_tic_series()
Title source: llmDescription
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_confirm
https://sourceforge.net/p/gnuplot/bugs/1933/
Scores
CVSS v3
7.8
EPSS
0.0087
EPSS Percentile
53.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-824
Status
published
Products (1)
gnuplot/gnuplot
5.2 rc1
Published
Jun 15, 2017
Tracked Since
Feb 18, 2026