CVE-2023-49994
First published: Tue Dec 12 2023(Updated: )
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Espeak-ng Espeak-ng | =1.52-dev | |
| ubuntu/espeak-ng | <1.49.2+dfsg-1ubuntu0.1~ | 1.49.2+dfsg-1ubuntu0.1~ |
| ubuntu/espeak-ng | <1.50+dfsg-6ubuntu0.1 | 1.50+dfsg-6ubuntu0.1 |
| ubuntu/espeak-ng | <1.50+dfsg-10ubuntu0.1 | 1.50+dfsg-10ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-11ubuntu0.1 | 1.51+dfsg-11ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-12 | 1.51+dfsg-12 |
| debian/espeak-ng | <=1.50+dfsg-7+deb11u1 | 1.51+dfsg-10+deb12u1 1.51+dfsg-12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/espeak-ng/espeak-ng/issues/1823
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
- https://www.cve.org/CVERecord?id=CVE-2023-49994
- https://ubuntu.com/security/notices/USN-6858-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-49994
- https://launchpad.net/bugs/cve/CVE-2023-49994
- https://security-tracker.debian.org/tracker/CVE-2023-49994
- https://github.com/espeak-ng/espeak-ng/pull/1846
- https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
- https://ubuntu.com/security/CVE-2023-49994
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Frequently Asked Questions
What is the severity of CVE-2023-49994?
The severity of CVE-2023-49994 is categorized as high due to the risk of floating point exceptions.
How do I fix CVE-2023-49994?
To fix CVE-2023-49994, upgrade to espeak-ng version 1.51+dfsg-12 or later on the affected systems.
Which versions of espeak-ng are affected by CVE-2023-49994?
CVE-2023-49994 affects espeak-ng version 1.52-dev and earlier versions.
What function is responsible for the vulnerability in CVE-2023-49994?
The floating point exception in CVE-2023-49994 is caused by the function PeaksToHarmspect in wavegen.c.
On which platforms can I find a fix for CVE-2023-49994?
Fixes for CVE-2023-49994 can be found on Ubuntu and Debian platforms with specific package versions.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/description
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/espeak-ng
- canonical/espeak-ng espeak-ng
- version/espeak-ng espeak-ng/1.52-dev
- package-manager/ubuntu
- package-manager/debian