A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.
Package | app-text/aspell on all architectures |
---|---|
Affected versions | < 0.60.8-r3 |
Unaffected versions | >= 0.60.8-r3 |
GNU Aspell is a popular spell-checker. Dictionaries are available for many languages.
Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details.
GNU Aspell has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list)
There is no known workaround at this time.
All aspell users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/aspell-0.60.8-r3"
Release date
February 26, 2024
Latest revision
February 26, 2024: 1
Severity
normal
Exploitable
remote
Bugzilla entries