CVE-2019-17544

CVE-2019-17544 affects libaspell.a (GNU Aspell) up to version 0.60.7, with a stack-based buffer over-read in acommon::unescape (common/getdata.cpp) triggered by an isolated \ character. Connected documents confirm the vulnerable component is GNU Aspell and cite the same root cause, and note the f...

CVE-2019-20433

The CVE-2019-20433 issue affects GNU Aspell’s libaspell.a prior to 0.60.8, where a buffer over-read can occur for a string ending with a single ASCII NUL (’\0’) when the encoding is UCS-2 or UCS-4 outside the application, as demonstrated by the ASPELL_CONF environment variable. The vulnerability ...