GNU PSPP Heap-Based Buffer Overflow Vulnerability in Zip Reader Component

Vulnerability

A heap-based buffer overflow vulnerability has been identified in GNU PSPP versions through 2.0.1. The issue arises in the zip-reader component, specifically within the 'inflate_read' function, which is indirectly called by 'spv_read_xml_member'. A crafted input reaching this code path can corrupt heap memory, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling GNU PSPP with Clang 12.0.1, using compiler flags that disable optimizations and enable AddressSanitizer, a runtime tool for detecting memory errors. After compiling and installing the application, the vulnerability can be triggered by using the 'pspp-output' utility to process a crafted SPSS output file in PDF format. AddressSanitizer will then report a heap-buffer-overflow error, indicating that the vulnerability has been successfully triggered.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.