CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48188
https://notcve.org/view.php?id=CVE-2025-48188
16 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. • https://savannah.gnu.org/bugs/?67079 • CWE-125: Out-of-bounds Read •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47814
https://notcve.org/view.php?id=CVE-2025-47814
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. • https://savannah.gnu.org/bugs/?67074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47815
https://notcve.org/view.php?id=CVE-2025-47815
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. • https://savannah.gnu.org/bugs/?67075 • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47816
https://notcve.org/view.php?id=CVE-2025-47816
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. • https://savannah.gnu.org/bugs/?67073 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47229
https://notcve.org/view.php?id=CVE-2025-47229
03 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code. • https://savannah.gnu.org/bugs/?67049 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39831
https://notcve.org/view.php?id=CVE-2022-39831
05 Sep 2022 — An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. Se ha detectado un problema en PSPP versión 1.6.2. Se presenta un desbordamiento de búfer en la región heap de la memoria en la función read_bytes_internal en el archivo utilities/pspp-dump-sav.c, que permite ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39832
https://notcve.org/view.php?id=CVE-2022-39832
05 Sep 2022 — An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Se ha detectado un problema en PSPP versión 1.6.2. Se presenta un desbordamiento de búfer en la región heap de la memoria en la función read_string en el archivo utilities/pspp-dump-sav.c, que permite a atacantes causar una denegación de servicio (caída de la ap... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9211
https://notcve.org/view.php?id=CVE-2019-9211
27 Feb 2019 — There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. Hay un aborto de aserción alcanzable en la función write_long_string_missing_values() en data/sys-file-writer.c en libdata.a en la versión 1.2.0 de GNU PSPP que conducirá a una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20230
https://notcve.org/view.php?id=CVE-2018-20230
19 Dec 2018 — An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Se ha descubierto un problema en PSPP 1.2.0. Hay un desbordamiento de búfer basado en pila en la función read_bytes_internal en utilities/pspp-dump-sav.c que permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la apli... • https://bugzilla.redhat.com/show_bug.cgi?id=1660318 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12961
https://notcve.org/view.php?id=CVE-2017-12961
18 Aug 2017 — There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. Se presenta una anulación de aserción en la función parse_attributes() en el archivo data/sys-file-reader.c en la biblioteca libpspp en GNU PSPP anterior a la versión 1.0.1, que conllevará a la denegación de servicio remota. • https://bugzilla.redhat.com/show_bug.cgi?id=1482436 • CWE-20: Improper Input Validation •