LOW Severity
CVE-2025-47816
Out-of-Bounds Read in GNU PSPP
Overview
CVE-2025-47816 affects libpspp-core.a in GNU PSPP through 2.0.1. It allows attackers to cause an out-of-bounds read in spvxml_parse_attributes (spvxml-helpers.c), related to extra content at the end of a document.
Technical Details
GNU PSPP 2.0.1 suffers from an out-of-bounds read caused by insufficient input sanitization in spvxml_parse_attributes in "spvxml-helpers.c". By manipulating the end of a document, an attacker could read extra data.
CVSS Metrics
- Base Score: 2.9
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Impact
This vulnerability is rated Low severity. If exploited, it allows an attacker to read more data than expected and potentially make use of the information accessed.
Recommendations
To mitigate the vulnerability, it is recommended to update GNU PSPP to a version later than 2.0.1.
Threat Metrics
- "cvss_score": 2.9
- "severity": "LOW"
- "attack_vector": "LOCAL"
- "attack_complexity": "HIGH"