Critical Local Free-Not-Heap in GNU PSPP parse_variables_option
CVE-2025-5899 Published on June 9, 2025
GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
Free of Memory not on the Heap
The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). When free() is called on an invalid pointer, the program's memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.
Products Associated with CVE-2025-5899
Want to know whenever a new CVE is published for GNU Pspp? stack.watch will email you.
Affected Versions
GNU PSPP Version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb is affected by CVE-2025-5899Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.