EUVD-2025-14246

Malicious code in bioql PyPI...

CVE-2025-5899 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...

GNU PSPP Input Validation Error Vulnerability

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. An input validation error vulnerability exists in GNU PSPP that stems from improper parameter handling, and no details of the vulnerability are provided at this time...

PT-2025-22311 · Gnu +1 · Gnu Pspp +1

Name of the Vulnerable Software and Affected Versions: GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb Description: A vulnerability was found in GNU PSPP, affecting the calloc function in the pspp-convert.c file. The manipulation of the argument -l leads to integer overflow. Local acces...

CVE-2025-47814

CVE-2025-47814 describes a heap-based buffer overflow in PSPP’s zip reader. The vulnerable component is the PSPP core library, specifically the file zip-reader.c, within the function inflate_read (called indirectly from spv_read_xml_member). This issue affects the library artifact libpspp-core.a ...

CVE-2025-47816

CVE-2025-47816 affects GNU PSPP (libpspp-core.a) through version 2.0.1. The vulnerability is an out-of-bounds read in spvxml_parse_attributes (spvxml-helpers.c), related to extra content at the end of a document. All provided connected sources corroborate this issue. Practical impact is an out-of...