CVE-2019-16707

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-16707
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://github.com/butterflyhack/hunspell-crash Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/
Configurations

Configuration 1 (hide)

cpe:2.3:a:hunspell_project:hunspell:1.7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-09-23 12:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-16707

Mitre link : CVE-2019-16707

CVE.ORG link : CVE-2019-16707

JSON object : View

Products Affected

fedoraproject

  • fedora

hunspell_project

  • hunspell
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer