Vulnerabilities > CVE-2017-9670 - Access of Uninitialized Pointer vulnerability in Gnuplot Project Gnuplot 5.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnuplot-project

CWE-824

NVD

Published: 2017-06-15

Updated: 2017-07-05

Summary

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Gnuplot_Project Gnuplot Project Gnuplot 5.2	1

Common Weakness Enumeration (CWE)

CWE-824 - Access of Uninitialized Pointer

References

https://sourceforge.net/p/gnuplot/bugs/1933/