CVE-2019-17544
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-17544
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17544.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-17544
- Downstream
- Related
- Published
- 2019-10-14T02:15:10Z
- Modified
- 2025-10-15T10:33:19.325824Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
- References
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
- https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
- https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8
- https://usn.ubuntu.com/4155-1/
- https://www.debian.org/security/2021/dsa-4948
- https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html
- https://usn.ubuntu.com/4155-2/
Affected packages
Git / github.com/gnuaspell/aspell
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnuaspell/aspell
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-12bd2d16",
"signature_type": "Line",
"target": {
"file": "common/config.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"63267405354356243680074120055391035089",
"320706848972167965650545884929276843612",
"327821274106332997762033654944510410628",
"141062896135376033646659428694966573991"
]
},
"signature_version": "v1"
},
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-21c3796e",
"signature_type": "Function",
"target": {
"function": "unescape",
"file": "common/getdata.cpp"
},
"digest": {
"function_hash": "127110612983318014681101241697171707761",
"length": 436.0
},
"signature_version": "v1"
},
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-3081d369",
"signature_type": "Line",
"target": {
"file": "common/file_util.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"73953255011546519934657047902106867136",
"42558228160815707996082256499373545852",
"21064245684511713979775939432818544288",
"297765886821513783330443361481767624359"
]
},
"signature_version": "v1"
},
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-3c93427e",
"signature_type": "Function",
"target": {
"function": "combine_list",
"file": "common/config.cpp"
},
"digest": {
"function_hash": "109872934052244633296099918610413084134",
"length": 366.0
},
"signature_version": "v1"
},
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-4b03732d",
"signature_type": "Function",
"target": {
"function": "find_file",
"file": "common/file_util.cpp"
},
"digest": {
"function_hash": "120632991553998442133986991240776706626",
"length": 364.0
},
"signature_version": "v1"
},
{
"source": "https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e",
"deprecated": false,
"id": "CVE-2019-17544-6dedfa44",
"signature_type": "Line",
"target": {
"file": "common/getdata.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"218619807404470683381692593984580825203",
"293044709451460081233959699421105590642",
"105630015689477798759666266828483398087",
"147715987874243885955869714831220035131"
]
},
"signature_version": "v1"
}
]