CVE-2023-49990
First published: Tue Dec 12 2023(Updated: )
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Espeak-ng Espeak-ng | =1.52-dev | |
| ubuntu/espeak-ng | <1.49.2+dfsg-1ubuntu0.1~ | 1.49.2+dfsg-1ubuntu0.1~ |
| ubuntu/espeak-ng | <1.50+dfsg-6ubuntu0.1 | 1.50+dfsg-6ubuntu0.1 |
| ubuntu/espeak-ng | <1.50+dfsg-10ubuntu0.1 | 1.50+dfsg-10ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-11ubuntu0.1 | 1.51+dfsg-11ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-12 | 1.51+dfsg-12 |
| debian/espeak-ng | <=1.50+dfsg-7+deb11u1 | 1.51+dfsg-10+deb12u1 1.51+dfsg-12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/espeak-ng/espeak-ng/issues/1824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
- https://www.cve.org/CVERecord?id=CVE-2023-49990
- https://ubuntu.com/security/notices/USN-6858-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-49990
- https://launchpad.net/bugs/cve/CVE-2023-49990
- https://security-tracker.debian.org/tracker/CVE-2023-49990
- https://github.com/espeak-ng/espeak-ng/pull/1846
- https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
- https://ubuntu.com/security/CVE-2023-49990
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Frequently Asked Questions
What is the severity of CVE-2023-49990?
CVE-2023-49990 has a high severity due to its buffer overflow vulnerability that can potentially lead to remote code execution.
How do I fix CVE-2023-49990?
To fix CVE-2023-49990, update to Espeak-ng versions 1.49.2+dfsg-1ubuntu0.1~, 1.50+dfsg-6ubuntu0.1, 1.51+dfsg-11ubuntu0.1, or any later versions.
Which versions of Espeak-ng are affected by CVE-2023-49990?
Espeak-ng version 1.52-dev is affected by CVE-2023-49990.
What is the cause of CVE-2023-49990?
CVE-2023-49990 is caused by a buffer overflow in the SetUpPhonemeTable function in synthdata.c.
Is there a known exploit for CVE-2023-49990?
As of now, there are no publicly disclosed exploits specifically targeting CVE-2023-49990.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/remedy
- agent/description
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- package-manager/ubuntu
- package-manager/debian
- vendor/espeak-ng
- canonical/espeak-ng espeak-ng
- version/espeak-ng espeak-ng/1.52-dev