Key Information Vulnerability ID: #67069 Vulnerability Type: Integer Overflow Affected Component: pspp-convert Submitter: Nez Submission Time: May 2, 2025, 01:74:3 PM UTC Severity: 5 - Medium Status: Open Vulnerability Description pspp-convert fails to properly validate input when processing the parameter used for password brute-force cracking of encrypted syntax files. If an extremely large or negative value is provided, it leads to an unreasonable attempt to allocate a massive amount of memory, ultimately causing a crash. Environment PSPP Version: master in Git Repository (commit: 82fb509fb2fedd33e7ac0c46ca99e108bb3bdf5b) Operating System: Ubuntu 20.04.6 LTS Compiler: Clang-12.0.1 Reproduction Steps Error Output Example POC Link https://drive.google.com/file/d/121It8eR591ZB01AB0CKT_jdXSWaBxMZX/view?usp=drivelink Submitters Xudong Cao (UCAS) Yuqing Zhang (UCAS, Zhongguancun Laboratory)