{"id":"CVE-2019-17544","details":"libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \\ character.","modified":"2026-04-16T04:39:51.764705527Z","published":"2019-10-14T02:15:10.953Z","related":["SUSE-SU-2019:3034-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4155-2/"},{"type":"ADVISORY","url":"https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4155-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4948"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109"},{"type":"FIX","url":"https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnuaspell/aspell","events":[{"introduced":"0"},{"fixed":"c96f9b06576cde08300c14f288727c754038fe3f"},{"fixed":"80fa26c74279fced8d778351cff19d1d8f44fe4e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.60.8"}]}}],"versions":["rel-0.60.6.1","rel-0.60.7-20110707"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17544.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]}],"vanir_signatures_modified":"2026-04-11T14:11:11Z","vanir_signatures":[{"deprecated":false,"target":{"file":"common/config.cpp"},"digest":{"line_hashes":["63267405354356243680074120055391035089","320706848972167965650545884929276843612","327821274106332997762033654944510410628","141062896135376033646659428694966573991"],"threshold":0.9},"signature_version":"v1","id":"CVE-2019-17544-12bd2d16","source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","signature_type":"Line"},{"deprecated":false,"target":{"file":"common/getdata.cpp","function":"unescape"},"digest":{"length":436,"function_hash":"127110612983318014681101241697171707761"},"signature_version":"v1","id":"CVE-2019-17544-21c3796e","source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","signature_type":"Function"},{"deprecated":false,"target":{"file":"common/file_util.cpp"},"digest":{"line_hashes":["73953255011546519934657047902106867136","42558228160815707996082256499373545852","21064245684511713979775939432818544288","297765886821513783330443361481767624359"],"threshold":0.9},"signature_version":"v1","id":"CVE-2019-17544-3081d369","source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","signature_type":"Line"},{"source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","target":{"file":"common/config.cpp","function":"combine_list"},"digest":{"length":366,"function_hash":"109872934052244633296099918610413084134"},"signature_version":"v1","id":"CVE-2019-17544-3c93427e","signature_type":"Function","deprecated":false},{"source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","target":{"file":"common/file_util.cpp","function":"find_file"},"digest":{"length":364,"function_hash":"120632991553998442133986991240776706626"},"id":"CVE-2019-17544-4b03732d","signature_version":"v1","signature_type":"Function","deprecated":false},{"signature_type":"Line","target":{"file":"common/getdata.cpp"},"digest":{"line_hashes":["218619807404470683381692593984580825203","293044709451460081233959699421105590642","105630015689477798759666266828483398087","147715987874243885955869714831220035131"],"threshold":0.9},"signature_version":"v1","id":"CVE-2019-17544-6dedfa44","deprecated":false,"source":"https://github.com/gnuaspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}