CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6141 – GNU ncurses parse_entry.c postprocess_termcap stack-based overflow
https://notcve.org/view.php?id=CVE-2025-6141
16 Jun 2025 — A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. • https://invisible-island.net/ncurses/NEWS.html#index-t20250329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5899 – GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
https://notcve.org/view.php?id=CVE-2025-5899
09 Jun 2025 — A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing • CWE-590: Free of Memory not on the Heap •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5898 – GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-5898
09 Jun 2025 — A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ZigqDFZQn5YUWFLu1V2juDGWQgbJFAtX/view?usp=sharing • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2025-5245 – GNU Binutils objdump debug.c debug_type_samep memory corruption
https://notcve.org/view.php?id=CVE-2025-5245
27 May 2025 — A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2025-5244 – GNU Binutils ld elflink.c elf_gc_sweep memory corruption
https://notcve.org/view.php?id=CVE-2025-5244
27 May 2025 — A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. • https://sourceware.org/bugzilla/attachment.cgi?id=16010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5001 – GNU PSPP pspp-convert.c calloc integer overflow
https://notcve.org/view.php?id=CVE-2025-5001
20 May 2025 — A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. • https://drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view?usp=drive_link • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4802 – glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
https://notcve.org/view.php?id=CVE-2025-4802
16 May 2025 — Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo... • https://sourceware.org/bugzilla/show_bug.cgi?id=32976 • CWE-426: Untrusted Search Path •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48188
https://notcve.org/view.php?id=CVE-2025-48188
16 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. • https://savannah.gnu.org/bugs/?67079 • CWE-125: Out-of-bounds Read •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47814
https://notcve.org/view.php?id=CVE-2025-47814
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. • https://savannah.gnu.org/bugs/?67074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47815
https://notcve.org/view.php?id=CVE-2025-47815
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. • https://savannah.gnu.org/bugs/?67075 • CWE-122: Heap-based Buffer Overflow •