gnu

pspp

10 known vulnerabilities · sorted by CVSS score

CVE-2018-20230

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

gnu / pspp

Local

Published Dec 19, 2018

CVE-2022-39831

HIGH7.8

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

gnu / pspp+2

Local

Published Sep 5, 2022

CVE-2022-39832

HIGH7.8

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

gnu / pspp+2

Local

Published Sep 5, 2022

CVE-2019-9211

MEDIUM6.5

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

gnu / pspp+2

Network

Published Feb 27, 2019

CVE-2025-47815

MEDIUM4.5

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

gnu / pspp

Local

Published May 10, 2025

CVE-2025-47814

MEDIUM4.5

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

gnu / pspp

Local

Published May 10, 2025

CVE-2025-5001

LOW3.3

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

gnu / pspp

Local

Published May 20, 2025

CVE-2025-47229

LOW2.9

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code.

gnu / pspp

Local

Published May 3, 2025

CVE-2025-48188

LOW2.9

libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.

gnu / pspp

Local

Published May 16, 2025

CVE-2025-47816

LOW2.9

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

gnu / pspp

Local

Published May 10, 2025