CVE-2019-25051

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow8 documents8 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Fedoraproject Fedora GNU Aspell

Timeline

PublishedJul 20

Latest updateMay 24

Description

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianaspell< 0.60.8-3+3

▶NVDgnu/aspell0.60.8

Also affects: Debian Linux 10.0, 9.0, Fedora 34

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vm7w-rc54-7m7r: objstack in GNU Aspell 0↗2022-05-24

▶

OSV

CVE-2019-25051: objstack in GNU Aspell 0↗2021-07-20

▶

CVEList

CVE-2019-25051: objstack in GNU Aspell 0↗2021-07-20

▶

📋Vendor Advisories

Ubuntu

Aspell vulnerability↗2021-07-26

▶

Red Hat

aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top↗2021-07-20

▶

Microsoft

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).↗2021-07-13

▶

Debian

CVE-2019-25051: aspell - objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjSt...↗2019

▶