Vulnerability Details CVE-2017-10792
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html
- http://www.securityfocus.com/bid/99385
- https://bugzilla.redhat.com/show_bug.cgi?id=1467005
- http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html
- http://www.securityfocus.com/bid/99385
- https://bugzilla.redhat.com/show_bug.cgi?id=1467005