CVE-2019-25051

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-25051
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-25051.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-25051
Downstream
Related
Published
2021-07-20T07:15:07Z
Modified
2025-09-16T07:06:41.769035Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

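objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). Although the description names 0.60.8, the affected ranges below treat every version before each distribution's fixed release as affected, so check installed packages against the per-ecosystem Fixed value rather than the upstream version string alone.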

References

Affected packages

Alpine:v3.11 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.12 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.13 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.14 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.15 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.16 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.17 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.18 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.19 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.20 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.21 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Alpine:v3.22 / aspell

Package

Name
aspell
Purl
pkg:apk/alpine/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-r1

Affected versions

0.*

0.60.6-r0
0.60.6-r1
0.60.6-r2
0.60.6-r3
0.60.6-r4
0.60.6-r5
0.60.6.1-r0
0.60.6.1-r1
0.60.6.1-r2
0.60.6.1-r3
0.60.6.1-r4
0.60.6.1-r5
0.60.6.1-r6
0.60.6.1-r7
0.60.6.1-r8
0.60.6.1-r9
0.60.6.1-r10
0.60.6.1-r11
0.60.6.1-r12
0.60.6.1-r13
0.60.7-r0
0.60.8-r0

Debian:11 / aspell

Package

Name
aspell
Purl
pkg:deb/debian/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / aspell

Package

Name
aspell
Purl
pkg:deb/debian/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / aspell

Package

Name
aspell
Purl
pkg:deb/debian/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / aspell

Package

Name
aspell
Purl
pkg:deb/debian/aspell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.60.8-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnuaspell/aspell

Affected ranges

Type
GIT
Repo
https://github.com/gnuaspell/aspell
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
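Fixed
[commit value not rendered on this page; the Vanir signature's "source" field under "Database specific" points to commit 0718b375425aad8e54e1150313b862e4c6fd324a in this repository]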

Affected versions

rel-0.*

rel-0.60.6.1
rel-0.60.7-20110707

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-25051-12953271",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "20741968054567667006840823718416843555",
                    "48669766990622990348110031277074531386",
                    "124478308237746286355263336210279774169",
                    "254171296138168226185731254767453214863",
                    "153130692224193140312513925859179788942",
                    "156472988026344010173180164208788218399",
                    "323763241861885492035366980822390709317",
                    "149210157173490313495831924725928229579",
                    "12064939868332011875054441098367037482",
                    "208546510027406812798791188077004362261",
                    "300012719372335497388691665153054731688",
                    "77184948482378228181740127854690497486",
                    "316060089257361314713213843910858750339",
                    "95422536966481986374742996418114234753",
                    "139530028569518203681300622749453340292",
                    "167931004292016475039514338429632601662",
                    "241598196685381485387944596351656742172",
                    "14249314018426004808875882964542643965",
                    "251432815606490957619682021619273892766",
                    "280312080848088951382755087602490042658",
                    "136630194393778155215785802581261531097",
                    "333361429658487439591629222400279209701",
                    "265385935685096533683588504798833224273",
                    "87194131836508631733108062242565292159",
                    "276704930757797464928980171564658936648",
                    "217840305157519485693617483665134267671",
                    "328697697676029868190506994853673465512",
                    "129392233186770180308298008870256738568",
                    "41363740877498903553993260101090087717",
                    "291806133784570566236115968372994891271",
                    "20923778386564086176919216718681975547",
                    "163001508768730742241893228893671638437",
                    "41363740877498903553993260101090087717",
                    "291806133784570566236115968372994891271",
                    "20923778386564086176919216718681975547",
                    "163001508768730742241893228893671638437"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a",
            "signature_type": "Line",
            "target": {
                "file": "common/objstack.hpp"
            }
        }
    ]
}