| Snyk

Threat Intelligence

0.15% (53^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-GNUCHESS-460466
published29 Aug 2019
disclosed29 Aug 2019

Report a new vulnerability Found a mistake?

Introduced: 29 Aug 2019

CVE-2019-15767 (opens in a new tab) CWE-787 (opens in a new tab)

How to fix?

Upgrade Debian:unstable gnuchess to version 6.2.7-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnuchess package and not the gnuchess package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.

References

https://security-tracker.debian.org/tracker/CVE-2019-15767
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZA4UCVURQXNLUNFAMRLZBAFRHSEVC6Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGIICRUZRFAK5M7SNHZKR7SKE77SFKWE/
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZA4UCVURQXNLUNFAMRLZBAFRHSEVC6Q/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGIICRUZRFAK5M7SNHZKR7SKE77SFKWE/

Out-of-bounds Write Affecting gnuchess package, versions <6.2.7-1

Severity