Package: gnuplot Version: 5.4.1+dfsg1-1 Severity: normal X-Debbugs-Cc: kangwoos...@gmail.com
Dear Maintainer, In gnuplot, there is a format string vulnerability that can lead to read and write arbitrary memory values. In term/post.trm, the program get string from getenv() and pass it to sprintf() directly in line 1420. This causes the format string bug which can crash the program. 1420 envcmd = getenv("GNUPLOT_TTFTOPFA"); 1421 if (envcmd != NULL) 1422 sprintf(cmd,envcmd,current_ps_fontfile->fontfile_fullname); Thank you. -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.4.72-microsoft-standard-WSL2 (SMP w/16 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages gnuplot depends on: ii gnuplot-qt [gnuplot-x11] 5.4.1+dfsg1-1 gnuplot recommends no packages. Versions of packages gnuplot suggests: pn gnuplot-doc <none> -- no debconf information