rpm package
opensuse/pspp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/pspp&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9211 | — | < 1.4.1-2.3 | 1.4.1-2.3 | Feb 27, 2019 | There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | ||
| CVE-2018-20230 | — | < 1.4.1-2.3 | 1.4.1-2.3 | Dec 19, 2018 | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-12961 | Hig | 7.5 | < 1.4.1-2.3 | 1.4.1-2.3 | Aug 18, 2017 | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |
| CVE-2017-12959 | Hig | 7.5 | < 1.4.1-2.3 | 1.4.1-2.3 | Aug 18, 2017 | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | |
| CVE-2017-12958 | Hig | 7.5 | < 1.4.1-2.3 | 1.4.1-2.3 | Aug 18, 2017 | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |
| CVE-2017-10792 | Med | 6.5 | < 1.4.1-2.3 | 1.4.1-2.3 | Jul 2, 2017 | There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial o | |
| CVE-2017-10791 | Med | 6.5 | < 1.4.1-2.3 | 1.4.1-2.3 | Jul 2, 2017 | There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service |
- CVE-2019-9211Feb 27, 2019affected < 1.4.1-2.3fixed 1.4.1-2.3
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
- CVE-2018-20230Dec 19, 2018affected < 1.4.1-2.3fixed 1.4.1-2.3
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- affected < 1.4.1-2.3fixed 1.4.1-2.3
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
- affected < 1.4.1-2.3fixed 1.4.1-2.3
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
- affected < 1.4.1-2.3fixed 1.4.1-2.3
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
- affected < 1.4.1-2.3fixed 1.4.1-2.3
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial o
- affected < 1.4.1-2.3fixed 1.4.1-2.3
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service