Every CVE whose affected-product data names Gnu Pspp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-39832 — CVSS 7.8 (high): An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c…
CVE-2022-39831 — CVSS 7.8 (high): An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav…
CVE-2018-20230 — CVSS 7.8 (high): An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav…
CVE-2017-12961 — CVSS 7.5 (high): There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1…
CVE-2017-12959 — CVSS 7.5 (high): There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1…
CVE-2017-12958 — CVSS 7.5 (high): There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that…
CVE-2017-12960 — CVSS 7.5 (high): There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1…
CVE-2017-10791 — CVSS 6.5 (medium): There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed…
CVE-2017-10792 — CVSS 6.5 (medium): There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was…
CVE-2019-9211 — CVSS 6.5 (medium): There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP…
CVE-2025-47814 — CVSS 4.5 (medium): libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from…
CVE-2025-47815 — CVSS 4.5 (medium): libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from…
CVE-2025-5001 — CVSS 3.3 (low): A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability…
CVE-2025-47229 — CVSS 2.9 (low): libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and…
CVE-2025-47816 — CVSS 2.9 (low): libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related…
CVE-2025-48188 — CVSS 2.9 (low): libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt…