CVE-2025-47816 Affecting pspp package, versions *

Q: How to fix?

There is no fixed version for Debian:12 pspp .

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIAN12-PSPP-10116740
published12 May 2025
disclosed10 May 2025

Report a new vulnerability Found a mistake?

Introduced: 10 May 2025

NewCVE-2025-47816 (opens in a new tab)

How to fix?

There is no fixed version for Debian:12 pspp.

NVD Description

Note: Versions mentioned in the description apply only to the upstream pspp package and not the pspp package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

References

https://security-tracker.debian.org/tracker/CVE-2025-47816
https://savannah.gnu.org/bugs/?67073