Bug 1656174 (CVE-2018-19490)
Summary: | CVE-2018-19490 gnuplot: heap-based buffer overflow in df_generate_ascii_array_entry | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | amello, fkluknav, orion, pcahyna, steve.traylen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-12-06 11:21:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1656175, 1656176 | ||
Bug Blocks: | 1656186 |
Description
Laura Pardo
2018-12-04 21:47:49 UTC
Created gnuplot tracking bugs for this issue: Affects: fedora-all [bug 1656176] Created gnuplot44 tracking bugs for this issue: Affects: epel-6 [bug 1656175] Statement: Gnuplot allows for trivial execution of arbitrary commands from within gnuplot files by design. As such, gnuplot files should be considered as inherently dangerous and users should only execute files from trusted sources. |