
Cloud Vulnerability DB
A community-led vulnerabilities database
gnuplot is affected by a heap buffer overflow vulnerability (CVE-2025-31177) in the utf8copyone function. The vulnerability was discovered and disclosed on March 27, 2025, and affects various versions of gnuplot, including versions 5.4.1 and later. The issue impacts multiple Linux distributions, including Red Hat Enterprise Linux 6, 7, and 8 and Debian systems (CVE Details, Red Hat Portal).
The vulnerability is classified with a CVSS v3 Base Score of 6.2 (Medium severity). The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Unchanged (S:U), with No impact on Confidentiality (C:N) and Integrity (I:N), but High impact on Availability (A:H) (Wiz Database).
The vulnerability primarily affects system availability through a heap buffer overflow condition. While there is no direct impact on system confidentiality or integrity, the vulnerability could potentially lead to local code execution. The issue is rated as having a moderate impact, particularly concerning system stability and availability (Red Hat Portal).
As of May 2025, the vulnerability remains unfixed in several distributions including Debian (unstable) and Red Hat Enterprise Linux versions 6, 7, and 8. Users are advised to monitor vendor security advisories for patch availability (Debian Tracker).
Source: This report was generated using AI