Description
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.
References (6)
Core 6
Core References
Exploit, Issue Tracking, Vendor Advisory
https://github.com/espeak-ng/espeak-ng/issues/1824
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Scores
CVSS v3
5.3
EPSS
0.0002
EPSS Percentile
5.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-120
Status
published
Products (1)
espeak-ng/espeak-ng
1.52 dev
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026