16 matches found
CVE-2018-20230
CVE-2018-20230 affects PSPP 1.2.0 due to a heap-based buffer overflow in read_bytes_internal (utilities/pspp-dump-sav.c). Impact per the entry: denial of service via application crash and possible unspecified other effects. The connected records also reference CVE-2022-39831 affecting PSPP 1.6.2 ...
CVE-2019-9211
The CVE-2019-9211 issue affects PSPP 1.2.0, where a reachable assertion abort in write_long_string_missing_values() within data/sys-file-writer.c in libdata.a can cause a denial of service. Connected sources confirm this exact component and function are implicated, and multiple advisories (openSU...
CVE-2022-39832
PSPP 1.6.2 contains a heap-based buffer overflow in read_string (utilities/pspp-dump-sav.c) that can cause a denial of service (application crash) or possibly other impact. Exploitation details are not provided beyond the CVE description; CVSS data indicates local attack vector with high impact o...
CVE-2022-39831
CVE-2022-39831 affects PSPP 1.6.2. A heap-based buffer overflow occurs in function read_bytes_internal (utilities/pspp-dump-sav.c), enabling a denial of service (application crash) and potentially unspecified other impact. The issue is explicitly noted as different from CVE-2018-20230. The provid...
CVE-2025-47229
CVE-2025-47229 affects GNU PSPP (libpspp-core.a) up to version 2.0.1. The root cause is a denial-of-service condition triggered by crafted input data that causes a var_set_leave_quiet assertion failure and application exit, via a call path from src/data/dictionary.c into src/data/variable.c. Mult...
CVE-2025-47814
CVE-2025-47814 describes a heap-based buffer overflow in PSPP’s zip reader. The vulnerable component is the PSPP core library, specifically the file zip-reader.c, within the function inflate_read (called indirectly from spv_read_xml_member). This issue affects the library artifact libpspp-core.a ...
CVE-2025-47815
CVE-2025-47815 affects GNU PSPP up to version 2.0.1, via the libpspp-core.a component. The issue is a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c, due to improper validation of input length/size. This is the stated root cause and vulnera...
CVE-2017-12960
CVE-2017-12960 concerns the GNU PSPP project. The vulnerability is a reachable assertion abort in the function dict_rename_var() located in data/dictionary.c of the libpspp library, affecting PSPP prior to version 1.0.1 and potentially enabling remote denial of service. The connected sources corr...
CVE-2017-10792
CVE-2017-10792 affects GNU PSPP’s libpspp ll_insert() with a NULL pointer dereference that can crash the library and trigger a remote denial of service when processing crafted SPSS data into CSV. Affected: PSPP versions before 0.11.0 (libpspp/libpspp). Public references (CNVD-2017-21499, related ...
CVE-2025-47816
CVE-2025-47816 affects GNU PSPP (libpspp-core.a) through version 2.0.1. The vulnerability is an out-of-bounds read in spvxml_parse_attributes (spvxml-helpers.c), related to extra content at the end of a document. All provided connected sources corroborate this issue. Practical impact is an out-of...
CVE-2017-10791
CVE-2017-10791 affects GNU PSPP via an Integer overflow in the hash_int function of libpspp. The vulnerability exists in PSPP releases prior to 0.11.0, including reported cases where crafted SPSS data converted to CSV can trigger a crash, enabling a remote denial of service. Connected advisories ...
CVE-2017-12958
CVE-2017-12958 affects GNU PSPP’s libpspp, specifically the output_hex() function in data/data-out.c. The vulnerability arises from an illegal address access in this function, and is described as leading to remote denial of service when exploited. The CVE is noted as affecting PSPP versions befor...
CVE-2017-12959
CVE-2017-12959 affects the GNU PSPP project’s C library libpspp. Multiple connected sources confirm a vulnerability in the function dict_add_mrset() in data/dictionary.c (GNU PSPP) present before version 1.0.1 , allowing a remote attacker to trigger a denial of service. The issue is described acr...
CVE-2025-5001
CVE-2025-5001 affects GNU PSPP (pspp-convert.c: calloc). Root cause: manipulation of the -l argument leads to an integer overflow in calloc. Impact: potential local impact, with availability degraded; confidentiality/integrity not affected per sources. Exploit has been disclosed publicly. Affecte...
CVE-2017-12961
CVE-2017-12961 affects GNU PSPP (libpspp), specifically the function parse_attributes() in data/sys-file-reader.c, with vulnerable versions prior to 1.0.1. The issue is an assertion abort that can cause a remote denial of service. Public details consistently describe the root cause and impact as ...
CVE-2025-48188
The CVE-2025-48188 issue affects GNU PSPP’s libpspp-core.a up to version 2.0.1. A faulty call from fill_buffer (data/encrypted-file.c) to the Gnulib rijndaelDecrypt function leads to a heap-based buffer over-read, which can cause memory disclosure or an application crash. Several sources (includi...