CVE-2023-49991
First published: Tue Dec 12 2023(Updated: )
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Espeak-ng Espeak-ng | =1.52-dev | |
| ubuntu/espeak-ng | <1.49.2+dfsg-1ubuntu0.1~ | 1.49.2+dfsg-1ubuntu0.1~ |
| ubuntu/espeak-ng | <1.50+dfsg-6ubuntu0.1 | 1.50+dfsg-6ubuntu0.1 |
| ubuntu/espeak-ng | <1.50+dfsg-10ubuntu0.1 | 1.50+dfsg-10ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-11ubuntu0.1 | 1.51+dfsg-11ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-12 | 1.51+dfsg-12 |
| debian/espeak-ng | <=1.50+dfsg-7+deb11u1 | 1.51+dfsg-10+deb12u1 1.51+dfsg-12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/espeak-ng/espeak-ng/issues/1825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
- https://www.cve.org/CVERecord?id=CVE-2023-49991
- https://ubuntu.com/security/notices/USN-6858-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-49991
- https://launchpad.net/bugs/cve/CVE-2023-49991
- https://security-tracker.debian.org/tracker/CVE-2023-49991
- https://github.com/espeak-ng/espeak-ng/pull/1846
- https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
- https://ubuntu.com/security/CVE-2023-49991
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Frequently Asked Questions
What is the severity of CVE-2023-49991?
CVE-2023-49991 is classified as a moderate severity vulnerability due to the stack buffer underflow it introduces.
How do I fix CVE-2023-49991?
To fix CVE-2023-49991, you should upgrade to the patched versions of espeak-ng which are 1.49.2+dfsg-1ubuntu0.1~ or higher for Ubuntu or 1.51+dfsg-12 for Debian.
What is affected by CVE-2023-49991?
CVE-2023-49991 affects espeak-ng version 1.52-dev specifically.
Can CVE-2023-49991 lead to code execution?
While CVE-2023-49991 is a buffer underflow issue, it typically does not directly lead to arbitrary code execution but could potentially be exploited in a controlled environment.
Where can I find more information about CVE-2023-49991?
For more information on CVE-2023-49991, you can refer to the relevant package release notes or advisories from your Linux distribution.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/description
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/espeak-ng
- canonical/espeak-ng espeak-ng
- version/espeak-ng espeak-ng/1.52-dev
- package-manager/ubuntu
- package-manager/debian