First published: Mon Oct 14 2019(Updated: )
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/aspell | <0.60.7~20110707-4ubuntu0.1 | 0.60.7~20110707-4ubuntu0.1 |
ubuntu/aspell | <0.60.7~20110707-6ubuntu0.1 | 0.60.7~20110707-6ubuntu0.1 |
ubuntu/aspell | <0.60.7-3ubuntu0.1 | 0.60.7-3ubuntu0.1 |
ubuntu/aspell | <0.60.7~20110707-1ubuntu1+ | 0.60.7~20110707-1ubuntu1+ |
ubuntu/aspell | <0.60.8 | 0.60.8 |
ubuntu/aspell | <0.60.7~20110707-3ubuntu0.1 | 0.60.7~20110707-3ubuntu0.1 |
<0.60.8 | ||
=12.04 | ||
=14.04 | ||
=16.04 | ||
=18.04 | ||
=19.04 | ||
GNU Aspell | <0.60.8 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
debian/aspell | 0.60.7~20110707-6+deb10u1 0.60.8-3 0.60.8-4 0.60.8.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-17544 is critical with a severity value of 9.1.
CVE-2019-17544 affects GNU Aspell before version 0.60.8.
To fix CVE-2019-17544 on Debian, update the aspell package to version 0.60.8 or later.
To fix CVE-2019-17544 on Ubuntu, update the aspell package to the specified remedy version for your Ubuntu version.
The Common Weakness Enumeration (CWE) ID for CVE-2019-17544 is CWE-125.