What is CVE-2025-5001?

CVE-2025-5001 is a low-severity vulnerability in Gnu Pspp, classified under Integer Overflow or Wraparound. CVSS score: 3.3/10. Published 2025-05-20.

How severe is CVE-2025-5001?

Low severity. CVSS v3 base score is 3.3 out of 10.

Integer overflow in Gnu Pspp

CVE-2025-5001

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to in…

Vulnerability class: Integer Overflow

EPSS: 0.001 (29.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Gnu Pspp — versions 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb

Weakness classification (CWE)

References

VDB-309652 | GNU PSPP pspp-convert.c calloc integer overflow (vdb-entry, technical-description)
VDB-309652 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #569966 | GNU PSPP pspp-convert master Integer Overflow (third-party-advisory)
savannah.gnu.org/bugs/index.php (related)
drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view (exploit)
www.gnu.org/ (product)

Frequently asked questions

What is CVE-2025-5001?: CVE-2025-5001 is a low-severity vulnerability in Gnu Pspp, classified under Integer Overflow or Wraparound. CVSS score: 3.3/10. Published 2025-05-20.
How severe is CVE-2025-5001?: Low severity. CVSS v3 base score is 3.3 out of 10.