Vulnerability Description
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=shari
- https://savannah.gnu.org/bugs/index.php?67072
- https://vuldb.com/?ctiid.311671
- https://vuldb.com/?id.311671
- https://vuldb.com/?submit.586106
- https://www.gnu.org/
- https://savannah.gnu.org/bugs/index.php?67072
FAQ
What is CVE-2025-5899?
CVE-2025-5899 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-...
How severe is CVE-2025-5899?
CVE-2025-5899 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5899?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.