Denial of Service Vulnerability in GNU PSPP by GNU
CVE-2025-47229

2.9LOW

Key Information:

Vendor: Gnu
Status: Pspp
Vendor: CVE Published:; 3 May 2025

What is CVE-2025-47229?

A vulnerability in GNU PSPP allows attackers to exploit a flaw in the libpspp-core.a library, resulting in a denial of service. This occurs when crafted input data triggers an assertion failure, causing the application to exit unexpectedly. The issue is rooted in key functions within the source code, specifically in the processing of variable data, which can be manipulated to disrupt normal application behavior.

Affected Version(s)

PSPP 0 <= 2.0.1

References

https://savannah.gnu.org/bugs/?67049

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2025
Vulnerability Reserved
May 3, 2025

Gnu

What is CVE-2025-47229?

Affected Version(s)

References

CVSS V3.1

Timeline