Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47814

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

Published

2025-05-10T22:15:20.193

Last Modified

2025-06-12T16:16:54.243

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	pspp	≤ 2.0.1	Yes

References

https://savannah.gnu.org/bugs/?67074 Exploit ([email protected])
https://savannah.gnu.org/bugs/?67074 Exploit (134c704f-9b21-4f2e-91b3-4a467353bcc0)