CVE-2025-5001

CWE-189CWE-190Integer Overflow6 documents6 sources
Severity
4.8MEDIUM
EPSS
0.1%
top 70.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Pspp
Timeline
PublishedMay 20
Latest updateMay 21

Description

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5gnu/pspp82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb

🔴Vulnerability Details

3
GHSA
GHSA-48mm-j996-px5g: A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb2025-05-21
OSV
CVE-2025-5001: A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb2025-05-20
CVEList
GNU PSPP pspp-convert.c calloc integer overflow2025-05-20

📋Vendor Advisories

1
Debian
CVE-2025-5001: pspp - A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. ...2025

💬Community

1
Bugzilla
CVE-2025-5001 pspp: GNU PSPP pspp-convert.c calloc integer overflow [fedora-42]2025-05-20