{"id":"CVE-2019-25051","details":"objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).","modified":"2026-04-16T04:38:46.058779186Z","published":"2021-07-20T07:15:07.677Z","related":["ALSA-2022:1808","SUSE-SU-2021:14783-1","SUSE-SU-2021:2794-1","SUSE-SU-2021:2848-1","openSUSE-SU-2021:1181-1","openSUSE-SU-2021:2794-1","openSUSE-SU-2024:10635-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462"},{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4948"},{"type":"FIX","url":"https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnuaspell/aspell","events":[{"introduced":"0"},{"last_affected":"c96f9b06576cde08300c14f288727c754038fe3f"},{"fixed":"0718b375425aad8e54e1150313b862e4c6fd324a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.60.8"}]}}],"versions":["rel-0.60.6.1","rel-0.60.7-20110707","rel-0.60.8"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:02:10Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25051.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"vanir_signatures":[{"id":"CVE-2019-25051-12953271","signature_type":"Line","deprecated":false,"target":{"file":"common/objstack.hpp"},"signature_version":"v1","source":"https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a","digest":{"threshold":0.9,"line_hashes":["20741968054567667006840823718416843555","48669766990622990348110031277074531386","124478308237746286355263336210279774169","254171296138168226185731254767453214863","153130692224193140312513925859179788942","156472988026344010173180164208788218399","323763241861885492035366980822390709317","149210157173490313495831924725928229579","12064939868332011875054441098367037482","208546510027406812798791188077004362261","300012719372335497388691665153054731688","77184948482378228181740127854690497486","316060089257361314713213843910858750339","95422536966481986374742996418114234753","139530028569518203681300622749453340292","167931004292016475039514338429632601662","241598196685381485387944596351656742172","14249314018426004808875882964542643965","251432815606490957619682021619273892766","280312080848088951382755087602490042658","136630194393778155215785802581261531097","333361429658487439591629222400279209701","265385935685096533683588504798833224273","87194131836508631733108062242565292159","276704930757797464928980171564658936648","217840305157519485693617483665134267671","328697697676029868190506994853673465512","129392233186770180308298008870256738568","41363740877498903553993260101090087717","291806133784570566236115968372994891271","20923778386564086176919216718681975547","163001508768730742241893228893671638437","41363740877498903553993260101090087717","291806133784570566236115968372994891271","20923778386564086176919216718681975547","163001508768730742241893228893671638437"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}