Your submission was sent successfully! Close

CVE-2019-20433

Published: 27 January 2020

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
aspell
Launchpad, Ubuntu, Debian
Upstream
Released (0.60.7-3)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
Upstream: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc (recommended)

Notes

AuthorNote
leosilva
the fix proposed can potentially break applications
that depends on it.
mdeslaur
need to regenerate files after applying patch, see debian bug.

References

Bugs