CVE-2019-15767

Name: CVE-2019-15767
Description: In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 936023

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| gnuchess (PTS) | jessie | 6.1.2-1 | vulnerable |
| gnuchess | stretch | 6.2.4-1 | vulnerable |
| gnuchess | bullseye, sid, buster | 6.2.5-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| gnuchess | source | (unstable) | (unfixed) | unimportant | | 936023 |

Notes

https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
Neutralised by toolchain hardening, no security impact
