CVE-2025-3359

EUVD-2025-10009
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Debian logo
Debian Releases
Debian Product
Codename
gnuplot
bookworm
unimportant
bullseye
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnuplot
bionic
Fixed 5.2.2+dfsg1-2ubuntu1+esm2
released
focal
Fixed 5.2.8+dfsg1-2ubuntu0.1~esm2
released
jammy
Fixed 5.4.2+dfsg2-2ubuntu0.1~esm1
released
noble
Fixed 6.0.0+dfsg1-1ubuntu3+esm1
released
oracular
ignored
plucky
Fixed 6.0.2+dfsg1-1ubuntu0.1
released
questing
Fixed 6.0.2+dfsg1-2ubuntu1
released
resolute
Fixed 6.0.2+dfsg1-2ubuntu1
released
trusty
Fixed 4.6.4-2ubuntu0.1~esm2
released
xenial
Fixed 4.6.6-3ubuntu0.1+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnuplot
suse enterprise sap 15 SP6
5.4.3-150400.3.3.1
fixed
suse enterprise sap 15 SP7
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP4
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP6
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP7
5.4.3-150400.3.3.1
fixed
gnuplot-doc
suse enterprise sap 15 SP6
5.4.3-150400.3.3.1
fixed
suse enterprise sap 15 SP7
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP4
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP6
5.4.3-150400.3.3.1
fixed
suse enterprise server 15 SP7
5.4.3-150400.3.3.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-3359
https://bugzilla.redhat.com/show_bug.cgi?id=2357749
https://sourceforge.net/p/gnuplot/bugs/2781/