CVE-2023-49992 — Out-of-bounds Write in Espeak-ng

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow9 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 94.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Espeak-ng Debian Espeak-ng Msrc Azl3 Espeak-ng 1.51.1-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedDec 12

Latest updateAug 21

Description

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages6 packages

▶debiandebian/espeak-ng< espeak-ng 1.51+dfsg-10+deb12u1 (bookworm)

▶Debianespeak-ng/espeak-ng< 1.50+dfsg-7+deb11u2+3

▶Ubuntuespeak-ng/espeak-ng< 1.50+dfsg-6ubuntu0.1+2

▶NVDespeak-ng/espeak-ng1.52

▶msrcmsrc/azl3_espeak-ng_1.51.1-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

espeak-ng vulnerabilities↗2024-07-01

▶

OSV

CVE-2023-49992: Espeak-ng 1↗2023-12-12

▶

GHSA

GHSA-2g42-jgwr-h29g: Espeak-ng 1↗2023-12-12

▶

📋Vendor Advisories

Ubuntu

eSpeak NG vulnerabilities↗2024-07-01

▶

Red Hat

espeak-ng: buffer overflow in RemoveEnding at dictionary.c↗2023-12-12

▶

Microsoft

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.↗2023-12-12

▶

Debian

CVE-2023-49992: espeak-ng - Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the fun...↗2023

▶

📄Research Papers

arXiv

A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity↗2025-08-21

▶