Heap-Based Buffer Overflow in GNU Aspell by GNU
CVE-2019-25051

7.8HIGH

Key Information:

Vendor

Gnu
Status
Aspell
Vendor
CVE Published:
20 July 2021

What is CVE-2019-25051?

The vulnerability in GNU Aspell versions prior to 0.60.8 involves a heap-based buffer overflow in the objstack component. Specifically, this issue arises during operations in the acommon namespace, such as duplication of the top object in the stack via the dup_top function. This flaw can potentially allow an attacker to exploit the buffer overflow, leading to unexpected behaviors or application crashes, thereby jeopardizing the stability and security of the software.

References

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...
x_refsource_MISC
https://github.com/gnuaspell/aspell/commit/0718b375425aad...
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.