Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-48188

libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.

Published

2025-05-16T21:15:35.210

Last Modified

2025-07-17T20:33:11.580

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.9 (LOW)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	pspp	≤ 2.0.1	Yes

References

https://savannah.gnu.org/bugs/?67079 Exploit, Issue Tracking ([email protected])