CVE-2025-5001

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
gnupspp
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pspp
bullseye
unimportant
bookworm
unimportant
trixie
unimportant
sid
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pspp
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
dne
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view?usp=drive_link
https://savannah.gnu.org/bugs/index.php?67069
https://vuldb.com/?ctiid.309652
https://vuldb.com/?id.309652
https://vuldb.com/?submit.569966
https://www.gnu.org/
https://savannah.gnu.org/bugs/index.php?67069