GNU PSPP up to 2.0.1 libpspp-core.a spvxml_parse_attributes out-of-bounds

Summaryinfo

A vulnerability labeled as problematic has been found in GNU PSPP up to 2.0.1. The impacted element is the function spvxml_parse_attributes of the file libpspp-core.a. The manipulation results in out-of-bounds. This vulnerability is cataloged as CVE-2025-47816. The attack must be initiated from a local position. There is no exploit available.

Detailsinfo

A vulnerability classified as problematic has been found in GNU PSPP up to 2.0.1. Affected is the function spvxml_parse_attributes of the file libpspp-core.a. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on availability. CVE summarizes:

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

The advisory is shared for download at savannah.gnu.org. This vulnerability is traded as CVE-2025-47816 since 05/10/2025. The exploitability is told to be difficult. The attack needs to be approached locally. There are known technical details, but no exploit is available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• GNU

Name

• PSPP

Version

• 2.0.0
• 2.0.1

License

• open-source

Website

• Vendor: https://www.gnu.org/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion