Vulnerabilities > CVE-2004-0548 - Stack Buffer Overflow vulnerability in GNU Aspell
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Exploit-Db
| description | Aspell (word-list-compress) Command Line Stack Overflow. CVE-2004-0548. Local exploit for linux platform |
| id | EDB-ID:669 |
| last seen | 2016-01-31 |
| modified | 2004-12-01 |
| published | 2004-12-01 |
| reporter | c0d3r |
| source | https://www.exploit-db.com/download/669/ |
| title | Aspell word-list-compress Command Line Stack Overflow |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200406-14.NASL description The remote host is affected by the vulnerability described in GLSA-200406-14 (aspell: Buffer overflow in word-list-compress) aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes. Impact : If an attacker could entice a user to handle a wordlist containing very long word lengths it could result in the execution of arbitrary code with the permissions of the user running the program. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version. last seen 2020-06-01 modified 2020-06-02 plugin id 14525 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14525 title GLSA-200406-14 : aspell: Buffer overflow in word-list-compress NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-153.NASL description A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 16015 published 2004-12-21 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16015 title Mandrake Linux Security Advisory : aspell (MDKSA-2004:153)