CVE-2019-17544

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-17544
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17544.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-17544
Downstream
Related
Published
2019-10-14T02:15:10.953Z
Modified
2026-05-30T13:50:44.775648Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "12.04"
                },
                {
                    "last_affected": "14.04"
                },
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "19.04"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
            ],
            "vendor_product": "canonical:ubuntu_linux"
        }
    ]
}
References

Affected packages

Git / github.com/gnuaspell/aspell

Affected ranges

Type
GIT
Repo
https://github.com/gnuaspell/aspell
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c96f9b06576cde08300c14f288727c754038fe3f
Fixed
80fa26c74279fced8d778351cff19d1d8f44fe4e
Database specific 
{
    "cpe": "cpe:2.3:a:gnu:aspell:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.60.8"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

rel-0.*
rel-0.60.6.1
rel-0.60.7-20110707

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "63267405354356243680074120055391035089",
                "320706848972167965650545884929276843612",
                "327821274106332997762033654944510410628",
                "141062896135376033646659428694966573991"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-17544-12bd2d16",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "file": "common/config.cpp"
        }
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 436.0,
            "function_hash": "127110612983318014681101241697171707761"
        },
        "id": "CVE-2019-17544-21c3796e",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "function": "unescape",
            "file": "common/getdata.cpp"
        }
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "73953255011546519934657047902106867136",
                "42558228160815707996082256499373545852",
                "21064245684511713979775939432818544288",
                "297765886821513783330443361481767624359"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-17544-3081d369",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "file": "common/file_util.cpp"
        }
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 366.0,
            "function_hash": "109872934052244633296099918610413084134"
        },
        "id": "CVE-2019-17544-3c93427e",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "function": "combine_list",
            "file": "common/config.cpp"
        }
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 364.0,
            "function_hash": "120632991553998442133986991240776706626"
        },
        "id": "CVE-2019-17544-4b03732d",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "function": "find_file",
            "file": "common/file_util.cpp"
        }
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "218619807404470683381692593984580825203",
                "293044709451460081233959699421105590642",
                "105630015689477798759666266828483398087",
                "147715987874243885955869714831220035131"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-17544-6dedfa44",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
        "target": {
            "file": "common/getdata.cpp"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17544.json"
vanir_signatures_modified 
"2026-05-30T13:50:44Z"