{
  "threat_severity" : "Low",
  "public_date" : "2019-03-18T00:00:00Z",
  "bugzilla" : {
    "description" : "hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx",
    "id" : "1771026",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1771026"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119->CWE-125",
  "details" : [ "Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx." ],
  "statement" : "This is unlikely to be an issue in a real-world scenario, as it requires specially crafted Hunspell dictionaries, which are not shipped with Red Hat Enterprise Linux. Additionally, applications using Hunspell will likely filter out invalid input before passing it on, which further limits the impact.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:3971",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "hunspell-0:1.3.2-16.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "hunspell",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "hunspell",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-16707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16707" ],
  "name" : "CVE-2019-16707",
  "csaw" : false
}