{"schema_version":"1.7.2","id":"OESA-2025-2155","modified":"2025-09-05T12:42:49Z","published":"2025-09-05T12:42:49Z","upstream":["CVE-2025-31176","CVE-2025-31179","CVE-2025-31180","CVE-2025-31181","CVE-2025-3359"],"summary":"gnuplot security update","details":"Gnuplot is a portable command-line driven graphing utility for Linux, OS/2, MS Windows, OSX, VMS, and many other platforms. The source code is copyrighted but freely distributed (i.e., you don't have to pay for it). It was originally created to allow scientists and students to visualize mathematical functions and data interactively, but has grown to support many non-interactive uses such as web scripting. It is also used as a plotting engine by third-party applications like Octave. Gnuplot has been supported and under active development since 1986.\r\n\r\nSecurity Fix(es):\n\nA flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.(CVE-2025-31176)\n\nA flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.(CVE-2025-31179)\n\nA flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.(CVE-2025-31180)\n\nA flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.(CVE-2025-31181)\n\nA flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.(CVE-2025-3359)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"gnuplot","purl":"pkg:rpm/openEuler/gnuplot&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.6-15.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["gnuplot-5.0.6-15.oe2203sp4.aarch64.rpm","gnuplot-debuginfo-5.0.6-15.oe2203sp4.aarch64.rpm","gnuplot-debugsource-5.0.6-15.oe2203sp4.aarch64.rpm"],"noarch":["gnuplot-help-5.0.6-15.oe2203sp4.noarch.rpm"],"src":["gnuplot-5.0.6-15.oe2203sp4.src.rpm"],"x86_64":["gnuplot-5.0.6-15.oe2203sp4.x86_64.rpm","gnuplot-debuginfo-5.0.6-15.oe2203sp4.x86_64.rpm","gnuplot-debugsource-5.0.6-15.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2155"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31176"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31179"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31180"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31181"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3359"}],"database_specific":{"severity":"Medium"}}