CVE-2023-49990

Опубликовано: 12 дек. 2023

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

A flaw was found in the espeak-ng package. A local attacker can use a specially-crafted payload to trigger a buffer overflow condition, which can lead to an application crash or allow for arbitrary code execution.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	espeak-ng	Will not fix
Red Hat Enterprise Linux 9	espeak-ng	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=2254229espeak-ng: buffer overflow in SetUpPhonemeTable function at synthdata.c

EPSS

Процентиль: 7%

0.0003

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-49990

CVSS3: 5.3

ubuntu

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE-2023-49990

CVSS3: 5.3

nvd

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE-2023-49990

CVSS3: 5.3

msrc

12 месяцев назад

Описание отсутствует

CVE-2023-49990

CVSS3: 5.3

debian

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...

GHSA-x7cw-5x7j-jx35

CVSS3: 7.8

github

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

EPSS

Процентиль: 7%

0.0003

Низкий

5.3 Medium

CVSS3