Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47816

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

Published

2025-05-10T22:15:20.507

Last Modified

2025-06-16T18:36:10.487

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.9 (LOW)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	pspp	≤ 2.0.1	Yes

References

https://savannah.gnu.org/bugs/?67073 Exploit ([email protected])
https://savannah.gnu.org/bugs/?67073 Exploit (134c704f-9b21-4f2e-91b3-4a467353bcc0)