gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution. Reference: https://sourceforge.net/p/gnuplot/bugs/2303/
Created gnuplot tracking bugs for this issue: Affects: fedora-all [bug 1882324]
Statement: gnuplot as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 is not affected because the vulnerable code was introduced in a subsequent version of gnuplot.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25412
External References: Upstream patch: https://github.com/gnuplot/gnuplot/commit/963c7df3e0c5266efff260d0dff757dfe03d3632
Flaw summary: An execution path from com_line() in command.c results in strncpy() being called with a length of 0xffffffffffffffff, causing an out-of-bounds write. This was originally described as segfault possibly leading to arbitrary code execution, but we felt that the description should be revised taking into account the cause of the flaw instead of the symptom. If the program segfaults, then it would halt, and thus not lead to arbitrary code execution subsequently.