CVE-2004-0548

NameCVE-2004-0548
DescriptionMultiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
aspell (PTS)stretch0.60.7~20110707-3fixed
stretch (security)0.60.7~20110707-3+deb9u1fixed
buster0.60.7~20110707-6fixed
buster (security)0.60.7~20110707-6+deb10u1fixed
bookworm, sid, bullseye0.60.8-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
aspellsource(unstable)0.50.5-3

Search for package or bug name: Reporting problems