CVE-2025-47816: Out-of-bounds Read in Pspp

CWE-125: Out-of-bounds Read | 6 documents | 6 sources
Severity
NVD: 9.1 CRITICAL
CNA: 2.9
EPSS
0.2%
top 54.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 10
Latest update: May 12

Description

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (2 packages)

CVEListV5: gnu/pspp 2.0.1
NVD: gnu/pspp 2.0.1

Vulnerability Details (3)

GHSA
GHSA-52xv-3j2w-p329: libpspp-core (2025-05-11)
CVEList
CVE-2025-47816: libpspp-core (2025-05-10)
OSV
CVE-2025-47816: libpspp-core (2025-05-10)

Vendor Advisories (1)

Debian
CVE-2025-47816: pspp - libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-hel... 2025

Community (1)

Bugzilla
CVE-2025-47816 pspp: PSPP: Out-of-bounds Read Vulnerability [fedora-42] (2025-05-12)