Multiple vulnerabilities were found in the pspp library. CVE-2017-10791: There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a denial of service attack. https://bugzilla.redhat.com/show_bug.cgi?id=1467004 CVE-2017-10792: There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a denial of service attack. https://bugzilla.redhat.com/show_bug.cgi?id=1467005
Created pspp tracking bugs for this issue: Affects: fedora-all [bug 1472864]