Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

GNU Aspell: Heap Buffer Overflow — GLSA 202402-31

A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.

Affected packages

Package app-text/aspell on all architectures
Affected versions < 0.60.8-r3
Unaffected versions >= 0.60.8-r3

Background

GNU Aspell is a popular spell-checker. Dictionaries are available for many languages.

Description

Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details.

Impact

GNU Aspell has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list)

Workaround

There is no known workaround at this time.

Resolution

All aspell users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/aspell-0.60.8-r3"

References

Release date
February 26, 2024

Latest revision
February 26, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries