CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48188
https://notcve.org/view.php?id=CVE-2025-48188
16 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. • https://savannah.gnu.org/bugs/?67079 • CWE-125: Out-of-bounds Read •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47814
https://notcve.org/view.php?id=CVE-2025-47814
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. • https://savannah.gnu.org/bugs/?67074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47815
https://notcve.org/view.php?id=CVE-2025-47815
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. • https://savannah.gnu.org/bugs/?67075 • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47816
https://notcve.org/view.php?id=CVE-2025-47816
10 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. • https://savannah.gnu.org/bugs/?67073 • CWE-125: Out-of-bounds Read •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47229
https://notcve.org/view.php?id=CVE-2025-47229
03 May 2025 — libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code. • https://savannah.gnu.org/bugs/?67049 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39831
https://notcve.org/view.php?id=CVE-2022-39831
05 Sep 2022 — An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. Se ha detectado un problema en PSPP versión 1.6.2. Se presenta un desbordamiento de búfer en la región heap de la memoria en la función read_bytes_internal en el archivo utilities/pspp-dump-sav.c, que permite ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39832
https://notcve.org/view.php?id=CVE-2022-39832
05 Sep 2022 — An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Se ha detectado un problema en PSPP versión 1.6.2. Se presenta un desbordamiento de búfer en la región heap de la memoria en la función read_string en el archivo utilities/pspp-dump-sav.c, que permite a atacantes causar una denegación de servicio (caída de la ap... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4 • CWE-787: Out-of-bounds Write •