CVE-2019-25051

Name: CVE-2019-25051
Description: objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-2720-1, DSA-4948-1
Debian Bugs: 991307

Vulnerable and fixed packages

The table below lists information on source packages.

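| Source Package | Release | Version | Status |
|---|---|---|---|
| aspell (PTS) | buster, buster (security) | 0.60.7~20110707-6+deb10u1 | fixed |
| aspell | bullseye | 0.60.8-3 | fixed |
| aspell | bookworm | 0.60.8-4 | fixed |
| aspell | sid, trixie | 0.60.8.1-1 | fixed |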

The information below is based on the following data on fixed versions.

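| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| aspell | source | stretch | 0.60.7~20110707-3+deb9u1 | | DLA-2720-1 | |
| aspell | source | buster | 0.60.7~20110707-6+deb10u1 | | DSA-4948-1 | |
| aspell | source | (unstable) | 0.60.8-3 | | | 991307 |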

Notes

https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
