CVE-2025-5899
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-09

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-09
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-5899
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-590 The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a critical issue in the GNU PSPP software, specifically in the parse_variables_option function of the pspp-convert.c file. It involves improper memory handling that leads to freeing memory not allocated on the heap. This flaw can be exploited locally by an attacker, and the exploit has been publicly disclosed.


How can this vulnerability impact me? :

The vulnerability can lead to memory corruption due to freeing memory not on the heap, which may cause the program to crash or behave unpredictably. Since the exploit requires local access, an attacker with local privileges could potentially leverage this flaw to disrupt the application or escalate privileges.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart