CVE-2019-25051

7.8HIGH

Key Information:

Vendor: Gnu
Status: Aspell
Vendor: CVE Published:; 20 July 2021

Summary

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

References

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...

x_refsource_MISC

https://github.com/gnuaspell/aspell/commit/0718b375425aad...

x_refsource_MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Jul 20, 2021