CVE-2025-5899

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-5899

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5899.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5899

Downstream

DEBIAN-CVE-2025-5899

UBUNTU-CVE-2025-5899

Published

2025-06-09T22:15:22Z

Modified

2026-04-10T05:31:41.122490Z

Summary

[none]

Details

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

References

https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing
https://savannah.gnu.org/bugs/index.php?67072
https://vuldb.com/?ctiid.311671
https://vuldb.com/?id.311671
https://vuldb.com/?submit.586106
https://www.gnu.org/

CVE-2025-5899

Affected packages