pspp -- multiple vulnerabilities

2017-08-18T00:00:00
ID 6876B163-8708-11E7-8568-E8E0B747A45A
Type freebsd
Reporter FreeBSD
Modified 2017-08-30T00:00:00

Description

CVE Details reports:

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791). There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792). There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958). There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959). There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960). There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).