CVE-2023-49994 — Incorrect Comparison in Espeak-ng

CWE-697 — Incorrect Comparison CWE-1077 — Floating Point Comparison with Incorrect Operator8 documents7 sources

Severity

5.5MEDIUMNVD

OSV5.3

EPSS

0.0%

top 91.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Espeak-ng Debian Espeak-ng Msrc Azl3 Espeak-ng 1.51.1-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedDec 12

Latest updateJul 1

Description

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/espeak-ng< espeak-ng 1.51+dfsg-10+deb12u1 (bookworm)

▶Debianespeak-ng/espeak-ng< 1.50+dfsg-7+deb11u2+3

▶Ubuntuespeak-ng/espeak-ng< 1.50+dfsg-6ubuntu0.1+2

▶NVDespeak-ng/espeak-ng1.52

▶msrcmsrc/azl3_espeak-ng_1.51.1-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

espeak-ng vulnerabilities↗2024-07-01

▶

GHSA

GHSA-2gxf-v2x6-xmcm: Espeak-ng 1↗2023-12-12

▶

OSV

CVE-2023-49994: Espeak-ng 1↗2023-12-12

▶

📋Vendor Advisories

Ubuntu

eSpeak NG vulnerabilities↗2024-07-01

▶

Microsoft

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.↗2023-12-12

▶

Red Hat

espeak-ng: floating point exception in PeaksToHarmspect at wavegen.c↗2023-12-12

▶

Debian

CVE-2023-49994: espeak-ng - Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the ...↗2023

▶