How the CVE Works
CVE-2025-47816 is an out-of-bounds read vulnerability in `libpspp-core.a` within GNU PSPP up to version 2.0.1. The flaw resides in `spvxml-helpers.c`, specifically in the `spvxml_parse_attributes` function. When parsing XML documents, the function fails to properly validate input boundaries, allowing an attacker to trigger an out-of-bounds read by appending malicious content at the end of a document. This could lead to information disclosure or application crashes.
DailyCVE Form
Platform: GNU PSPP
Version: ≤ 2.0.1
Vulnerability: Out-of-Bounds Read
Severity: Medium
Date: 06/16/2025
Prediction: Patch expected by 08/2025
What Undercode Say
Analytics:
$ pspp --version
$ strings libpspp-core.a | grep spvxml_parse_attributes
How Exploit:
Craft malformed XML with excess content.
Protection from this CVE:
Update to patched version.
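To find installs that still fall in the affected range, the `pspp --version` check above can be scripted. This is an added example, not part of the original post or of PSPP itself; the function names and the assumed banner format (`pspp (GNU PSPP) X.Y.Z`) are assumptions.

```sh
#!/bin/sh
# Added triage helper (hypothetical names), not PSPP project code.
LAST_AFFECTED="2.0.1"   # from the advisory: versions up to 2.0.1 are affected

# Extract the first dotted version number from a `pspp --version` banner.
# Assumption: the first banner line looks like "pspp (GNU PSPP) 2.0.1".
pspp_version_from_banner() {
    printf '%s\n' "$1" | head -n 1 | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 if $1 <= $2, comparing dotted numeric components left to right.
# Missing components count as 0, so "2.0" compares as "2.0.0".
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# Classify a banner: prints "affected", "not-in-range" or "unknown".
# "not-in-range" only means the version is above 2.0.1, not that a fix is confirmed.
pspp_cve_2025_47816_status() {
    v=$(pspp_version_from_banner "$1") || v=""
    if [ -z "$v" ]; then
        echo unknown
    elif version_le "$v" "$LAST_AFFECTED"; then
        echo affected
    else
        echo not-in-range
    fi
}

# Check the local install when pspp is on PATH.
if command -v pspp >/dev/null 2>&1; then
    pspp_cve_2025_47816_status "$(pspp --version 2>/dev/null)"
fi
```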
Impact:
Information disclosure/crash.
Sources:
Reported By: nvd.nist.gov