Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Hunspell: Multiple Vulnerabilities — GLSA 202409-21

Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution.

Affected packages

Package app-text/hunspell on all architectures
Affected versions < 1.7.1
Unaffected versions >= 1.7.1

Background

Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, Google Chrome.

Description

Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior.

Impact

Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior.

Workaround

There is no known workaround at this time.

Resolution

All Hunspell users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/hunspell-1.7.1"

References

Release date
September 24, 2024

Latest revision
September 24, 2024: 1

Severity
normal

Exploitable
local

Bugzilla entries