CVE-2025-5899— GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap

GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

释放并不在堆上的内存

GNU PSPP 安全漏洞

GNU PSPP是美国GNU社区的一款用于数据采样、统计和分析的应用程序。 GNU PSPP存在安全漏洞，该漏洞源于函数parse_variables_option存在非堆内存释放。

N/A

N/A