Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gnu:aspell:0.50.5:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Published: January 27, 2020; 10:15:12 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

Published: October 13, 2019; 10:15:10 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

Published: August 06, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH