3 matches found
CVE-2025-47229
CVE-2025-47229 affects GNU PSPP (libpspp-core.a) up to version 2.0.1. The root cause is a denial-of-service condition triggered by crafted input data that causes a var_set_leave_quiet assertion failure and application exit, via a call path from src/data/dictionary.c into src/data/variable.c. Mult...
CVE-2025-5001
CVE-2025-5001 affects GNU PSPP (pspp-convert.c: calloc). Root cause: manipulation of the -l argument leads to an integer overflow in calloc. Impact: potential local impact, with availability degraded; confidentiality/integrity not affected per sources. Exploit has been disclosed publicly. Affecte...
CVE-2025-48188
The CVE-2025-48188 issue affects GNU PSPP’s libpspp-core.a up to version 2.0.1. A faulty call from fill_buffer (data/encrypted-file.c) to the Gnulib rijndaelDecrypt function leads to a heap-based buffer over-read, which can cause memory disclosure or an application crash. Several sources (includi...