GNU PSPP
cpe:2.3:a:gnu:pspp:*:*:*:*:*:*:*
- 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb
A critical vulnerability has been identified in GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. The 'parse_variables_option' function in 'utilities/pspp-convert.c' contains a memory management flaw that leads to a 'free' operation on memory that was not allocated on the heap. The vulnerability can only be exploited locally.
Exploitation causes a denial-of-service condition: the attempt to free uninitialized memory can disrupt the normal operation of the application.
The vulnerability can be reproduced by compiling GNU PSPP with Clang, using specific compiler flags to disable optimizations and enable address sanitization. After installing the application, the 'pspp-convert' tool can be run with options that trigger the vulnerable 'parse_variables_option' function. This process will result in an address sanitizer error, indicating an attempt to free a memory address that was not properly allocated, demonstrating the bad-free vulnerability.
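The bug class described above (a cleanup path calling 'free' on a pointer that never came from the heap allocator) is avoided when an option parser keeps a strict ownership invariant. The following is an added illustration, not PSPP's code and not the project's fix; `struct var_list`, `var_list_parse` and `var_list_destroy` are hypothetical names, and the comma-separated input format is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser state (illustration only, not PSPP's types). */
struct var_list {
    char **names;   /* NULL, or a malloc'd array of malloc'd strings */
    size_t n;
};

/* Safe on an empty or fully parsed list; leaves it reusable. */
void var_list_destroy(struct var_list *vl)
{
    for (size_t i = 0; i < vl->n; i++)
        free(vl->names[i]);
    free(vl->names);            /* free(NULL) is a defined no-op */
    vl->names = NULL;
    vl->n = 0;
}

/* Split "a,b,c" into heap-owned copies. Returns 0 on success, -1 on error.
 * Invariant: on every exit path each pointer reachable from *out is NULL
 * or came from malloc/realloc, so cleanup never frees stack, static or
 * uninitialised memory. */
int var_list_parse(const char *arg, struct var_list *out)
{
    out->names = NULL;          /* initialise before the first early return */
    out->n = 0;
    if (arg == NULL)
        return -1;
    while (*arg != '\0') {
        size_t len = strcspn(arg, ",");
        if (len > 0) {          /* empty tokens ("a,,b") are skipped */
            char **grown = realloc(out->names, (out->n + 1) * sizeof *grown);
            if (grown == NULL)
                goto fail;
            out->names = grown;
            char *name = malloc(len + 1);  /* copy; never store a pointer into arg */
            if (name == NULL)
                goto fail;
            memcpy(name, arg, len);
            name[len] = '\0';
            out->names[out->n++] = name;
        }
        arg += len;
        if (*arg == ',')
            arg++;
    }
    return out->n > 0 ? 0 : -1;
fail:
    var_list_destroy(out);
    return -1;
}
```

Building this with the same AddressSanitizer setup used for the reproduction confirms that the error path and the cleanup path only ever pass heap pointers or NULL to 'free'.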