CVE-2019-25051

Name: CVE-2019-25051
Description: objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 991307

Vulnerable and fixed packages

The table below lists information on source packages.

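| Source Package | Release | Version | Status |
|---|---|---|---|
| aspell (PTS) | stretch | 0.60.7~20110707-3 | vulnerable |
| aspell (PTS) | buster | 0.60.7~20110707-6 | vulnerable |
| aspell (PTS) | bullseye | 0.60.8-2 | vulnerable |
| aspell (PTS) | sid | 0.60.8-3 | fixed |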

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| aspell | source | (unstable) | 0.60.8-3 | | | 991307 |

Notes

https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
