Nez

**Name of the Vulnerable Software and Affected Versions** GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb **Description** A critical issue was found in the `parse variables option` function of the file `utilities/pspp-convert.c`. This issue leads to the freeing of memory not on the heap. An attack must be launched locally. The exploit has been publicly disclosed. **Recommendations** For GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb, as a temporary workaround, consider disabling the `parse variables option` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb **Description** A critical issue has been discovered, affecting the `parse variables option` function in the `utilities/pspp-convert.c` file. This leads to an out-of-bounds write. The attack must be launched locally. **Recommendations** For GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb, as a temporary workaround, consider disabling the `parse variables option` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb **Description** A vulnerability was found in GNU PSPP, affecting the `calloc` function in the `pspp-convert.c` file. The manipulation of the argument `-l` leads to integer overflow. Local access is required to approach this attack. **Recommendations** For GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb, as a temporary workaround, consider restricting access to the `pspp-convert.c` file and avoiding the use of the `-l` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP versions through 2.0.1 **Description** libpspp-core.a in GNU PSPP through 2.0.1 contains an incorrect call from the `fill buffer` function (in data/encrypted-file.c) to the Gnulib `rijndaelDecrypt` function, resulting in a heap-based buffer over-read. **Recommendations** Versions prior to 2.0.1 are affected. Update to a version later than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP versions 2.0.1 and earlier **Description** The issue allows attackers to cause an out-of-bounds read in `spvxml-helpers.c` `spvxml parse attributes`, related to extra content at the end of a document. **Recommendations** For GNU PSPP versions 2.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP versions 2.0.1 and earlier **Description** The issue allows attackers to cause a heap-based buffer overflow in the `inflate read` function, which is called indirectly from `zip member read all` in `zip-reader.c`. This can be exploited to cause undefined behavior, potentially leading to code execution. **Recommendations** For GNU PSPP versions 2.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP versions 2.0.1 and earlier **Description** The issue allows attackers to cause a heap-based buffer overflow in `inflate read` (called indirectly from `spv read xml member`) in `zip-reader.c`. **Recommendations** For GNU PSPP versions 2.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP versions through 2.0.1 **Description** The issue allows attackers to cause a denial of service, resulting in an application exit, via crafted input data. This can be triggered by specific data that causes a call from the `src/data/dictionary.c` code into the `src/data/variable.c` code, leading to a `var set leave quiet` assertion failure. **Recommendations** For GNU PSPP versions through 2.0.1, consider avoiding the use of crafted input data that may trigger the denial of service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.