Vulnerability Description
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Aspell | 0.50.5 |
| Gentoo | Linux | 1.4 |
References
- http://marc.info/?l=bugtraq&m=108675120224531&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200406-14.xmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.securityfocus.com/bid/10497
- http://marc.info/?l=bugtraq&m=108675120224531&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200406-14.xmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.securityfocus.com/bid/10497
FAQ
What is CVE-2004-0548?
CVE-2004-0548 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly...
How severe is CVE-2004-0548?
CVE-2004-0548 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0548?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Aspell, Gentoo Linux.