{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70818?format=json","vulnerability_id":"VCID-s2yk-mru4-33du","summary":"com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.","aliases":[{"alias":"CVE-2020-25412"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97000?format=json","purl":"pkg:deb/debian/gnuplot@6.0.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@6.0.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96996?format=json","purl":"pkg:deb/debian/gnuplot@6.0.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@6.0.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/195572?format=json","purl":"pkg:deb/debian/gnuplot@6.0.2%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@6.0.2%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/96995?format=json","purl":"pkg:deb/debian/gnuplot@6.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@6.0.3%252Bdfsg1-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195570?format=json","purl":"pkg:deb/debian/gnuplot@5.4.1%2Bdfsg1-1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7s2e-pz75-pya6"},{"vulnerability":"VCID-gv2t-9tpk-tua6"},{"vulnerability":"VCID-s2yk-mru4-33du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@5.4.1%252Bdfsg1-1%252Bdeb11u1"},{"url":"http://public2.vulnerablecode.io/api/packages/96993?format=json","purl":"pkg:deb/debian/gnuplot@5.4.1%2Bdfsg1-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7s2e-pz75-pya6"},{"vulnerability":"VCID-gv2t-9tpk-tua6"},{"vulnerability":"VCID-s2yk-mru4-33du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@5.4.1%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/195571?format=json","purl":"pkg:deb/debian/gnuplot@5.4.4%2Bdfsg1-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7s2e-pz75-pya6"},{"vulnerability":"VCID-gv2t-9tpk-tua6"},{"vulnerability":"VCID-s2yk-mru4-33du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@5.4.4%252Bdfsg1-2"},{"url":"http://public2.vulnerablecode.io/api/packages/96991?format=json","purl":"pkg:deb/debian/gnuplot@5.4.4%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7s2e-pz75-pya6"},{"vulnerability":"VCID-gv2t-9tpk-tua6"},{"vulnerability":"VCID-s2yk-mru4-33du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnuplot@5.4.4%252Bdfsg1-2%3Fdistro=trixie"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25412.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25412","reference_id":"","reference_type":"","scores":[{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70252","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70294","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70274","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70296","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882322","reference_id":"1882322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882322"},{"reference_url":"https://usn.ubuntu.com/7589-1/","reference_id":"USN-7589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7589-1/"}],"weaknesses":[{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}],"exploits":[],"severity_range_score":"7.8 - 7.8","exploitability":"0.5","weighted_severity":"7.0","risk_score":3.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2yk-mru4-33du"}