CVE-2004-0548
published 2004-08-06CVE-2004-0548: Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long…
high7.2CVSS 3.1
AVLACLAuNCCICAC
EXPLOIT
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | aspell | < aspell 0.50.5-3 (bookworm) | aspell 0.50.5-3 (bookworm) |
| gentoo | linux | — | — |
| gnu | aspell | — | — |
| gnu | aspell | >= 0 < 0.50.5-3 | 0.50.5-3 |
| gnu | aspell | >= 0 < 0.50.5-3 | 0.50.5-3 |
| gnu | aspell | >= 0 < 0.50.5-3 | 0.50.5-3 |
| gnu | aspell | >= 0 < 0.50.5-3 | 0.50.5-3 |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH