libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.
CVSS Score
4.5
EPSS Score
0.0
Published
2025-05-10
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
CVSS Score
4.5
EPSS Score
0.0
Published
2025-05-10
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-05-10
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-18
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-18
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-18
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-18