Heap-based Buffer Over-read in GNU PSPP Affecting Versions up to 2.0.1
CVE-2025-48188
2.9 LOW
What is CVE-2025-48188?
The GNU PSPP software, up to version 2.0.1, contains a vulnerability within the libpspp-core.a library that stems from an improper function call in the encrypted file handling process. Specifically, the fill_buffer function invokes the Gnulib rijndaelDecrypt function incorrectly, resulting in a potential heap-based buffer over-read. This flaw could be exploited to access sensitive data or cause unintended behaviors within the application.
Affected Version(s)
PSPP: 0 through 2.0.1