Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5001


A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.


Published

2025-05-20T22:15:19.043

Last Modified

2025-06-17T14:11:34.640

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

3.1

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-189
    CWE-190
  • Type: Primary
    CWE-190

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu pspp - Yes

References