A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. Manipulation of the argument -l leads to an integer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used.
Weaknesses in this category are related to improper calculation or conversion of numbers.
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.309652 | technical description, third party advisory, vdb entry |
| https://vuldb.com/?ctiid.309652 | permissions required, signature, vdb entry |
| https://vuldb.com/?submit.569966 | exploit, third party advisory, vdb entry |
| https://savannah.gnu.org/bugs/index.php?67069 | broken link, related |
| https://drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view?usp=drive_link | exploit |
| https://www.gnu.org/ | product |