•
MEDIUM Severity
CVE-2025-47814
Heap-based buffer overflow vulnerability in GNU PSPP through 2.0.1
Overview
This vulnerability identified as CVE-2025-47814 pertains to a heap-based buffer overflow found in libpspp-core.a in GNU PSPP software up to version 2.0.1.
Technical Details
The flaw resides in the inflate_read function that's called indirectly from the spv_read_xml_member in zip-reader.c, allowing attackers to cause a heap-based buffer overflow.
CVSS Metrics
- Base Score: 4.5
- Attack Vector: LOCAL
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope: CHANGED
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
This vulnerability could allow malicious local users to manipulate data in the software, causing disruptions in availability and data integrity.
Recommendations
Software users are recommended to update the GNU PSPP software to the latest version which contains the relevant patches to fix the vulnerability.
Threat Metrics
- cvss_score: 4.5
- severity: MEDIUM
- attack_vector: LOCAL
- attack_complexity: HIGH