| CVE-2025-48188 |
BDSA-2025-4741 |
Medium |
May 16, 2025 |
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, lead
more...
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
less...
|
0.5.0, 2.0.1, 2.0.0, 1.6.1, 1.5.5, 1.5.4, 1.4.1, 1.4.0, 1.2.0, 1.0.1
|
| CVE-2025-47816 |
BDSA-2025-4081 |
Critical |
May 10, 2025 |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra con
more...
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
less...
|
0.5.0, 2.0.1, 2.0.0, 1.6.1, 1.5.5, 1.5.4, 1.4.1, 1.4.0, 1.2.0, 1.0.1
|
| CVE-2025-47815 |
BDSA-2025-4082 |
Critical |
May 10, 2025 |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read
more...
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
less...
|
0.5.0, 2.0.1, 2.0.0, 1.6.1, 1.5.5, 1.5.4, 1.4.1, 1.4.0, 1.2.0, 1.0.1
|
| CVE-2025-47814 |
BDSA-2025-4083 |
Critical |
May 10, 2025 |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_me
more...
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.
less...
|
0.5.0, 2.0.1, 2.0.0, 1.6.1, 1.5.5, 1.5.4, 1.4.1, 1.4.0, 1.2.0, 1.0.1
|
| CVE-2025-47229 |
BDSA-2025-3895 |
Medium |
May 03, 2025 |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via
more...
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code.
less...
|
0.5.0, 2.0.1, 2.0.0, 1.6.1, 1.5.5, 1.5.4, 1.4.1, 1.4.0, 1.2.0, 1.0.1
|
| BDSA-2025-5200 |
|
Medium |
Jun 16, 2025 |
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function p
more...
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2025-5199 |
|
Medium |
Jun 16, 2025 |
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_op
more...
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2025-4733 |
|
Low |
May 30, 2025 |
A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the fun
more...
A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2022-2537 |
|
Medium |
Sep 13, 2022 |
PSPP contains a heap-based buffer overflow vulnerability due to improper management of system memory resources. An attacker could exploit this flaw by
more...
PSPP contains a heap-based buffer overflow vulnerability due to improper management of system memory resources. An attacker could exploit this flaw by tricking a victim into locally running a maliciously crafted file on the application to cause a denial-of-service (DoS) or other unspecified impacts.
**Note:** This is similar in nature to **CVE-2018-20230** (**BDSA-2018-4770**) but does not occur for the same reason.
less...
|
|
| BDSA-2022-2532 |
|
High |
Sep 13, 2022 |
PSPP contains a heap-based buffer overflow vulnerability due to improper management of system memory resources. An attacker could exploit this flaw by
more...
PSPP contains a heap-based buffer overflow vulnerability due to improper management of system memory resources. An attacker could exploit this flaw by tricking a victim into locally running a maliciously crafted file on the application to cause a denial-of-service (DoS) or other unspecified impacts.
less...
|
|
