•
MEDIUM Severity
CVE-2025-47815
Heap-based buffer overflow in libpspp-core.a in GNU PSPP through 2.0.1
Overview
The vulnerability in GNU PSPP 2.0.1's libpspp-core.a can cause a heap-based buffer overflow. An attacker can use this vulnerability to affect system integrity and availability, although the attack complexity is high.
Technical Details
The problem lies in the inflate_read invoked indirectly from zip_member_read_all in zip-reader.c. It allows for buffer overflow, causing potential disruption and mal-effects in the system.
CVSS Metrics
- Base Score: 4.5 (Medium Severity)
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Impact Score: 2.7
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: Low
Impact
Being a locally exploitable vulnerability, the direct impact on confidentiality is none, but it may lead to a low degree of impact on system integrity and availability.
Recommendations
- Regularly update GNU PSPP to the latest version.
- Routinely check system logs for any unusual activity.
Threat Metrics
- "cvss_score": 4.5
- "severity": "MEDIUM"
- "attack_vector": "LOCAL"
- "attack_complexity": "HIGH"