CVE-2019-25051

Name
CVE-2019-25051
Description
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a |
| MISC | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462 |
| MISC | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml |
| MLIST | https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/ |
| Third Party Advisory | https://www.debian.org/security/2021/dsa-4948 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:gnu:aspell:0.60.8:\*:\*:\*:\*:\*:\*:\* | aspell | == None | == 0.60.8 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| aspell | 3.14-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.13-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.12-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.11-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.15-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.16-main | 0.60.8-r1 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.17-main | 0.60.8-r2 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.18-main | 0.60.8-r5 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |
| aspell | 3.19-main | 0.60.8-r5 | Natanael Copa &lt;ncopa@alpinelinux.org&gt; | fixed |