CVE-2017-10792

Priority
Description
There is a NULL Pointer Dereference in the function ll_insert() of the
libpspp library in GNU PSPP before 0.11.0. For example, a crash was
observed within the library code when attempting to convert invalid SPSS
data into CSV format. A crafted input will lead to a remote denial of
service attack.
Notes
Package
Source: pspp (LP Ubuntu Debian)
Upstream:released (1.0.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.0.1-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.0.1-1)
Ubuntu 20.04 (Focal Fossa):not-affected (1.0.1-1)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/pspp.git/commit/?id=bf03b53a3c0f0d1066062f37919015a8fa6ad436
More Information

Updated: 2020-01-29 18:37:24 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)