CVE-2017-13742Improper Restriction of Operations within the Bounds of a Memory Buffer in Liblouis

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow11 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 39.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Liblouis
Timeline
PublishedAug 29
Latest updateMay 17

Description

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianliblouis/liblouis< 3.3.0-1+3

🔴Vulnerability Details

4
GHSA
GHSA-vfmv-mrqv-497v: There is a stack-based buffer overflow in Liblouis 32022-05-17
OSV
liblouis vulnerabilities2017-09-04
CVEList
CVE-2017-13742: There is a stack-based buffer overflow in Liblouis 32017-08-29
OSV
CVE-2017-13742: There is a stack-based buffer overflow in Liblouis 32017-08-29

📋Vendor Advisories

3
Ubuntu
Liblouis vulnerabilities2017-09-04
Red Hat
liblouis: Stack-buffer overflow in the function includeFile()2017-08-23
Debian
CVE-2017-13742: liblouis - There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the funct...2017

💬Community

3
Bugzilla
CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 liblouis: various flaws [fedora-all]2017-09-06
Bugzilla
CVE-2017-13742 liblouis: Stack-buffer overflow in the function includeFile()2017-09-06
Bugzilla
CVE-2017-11465 ruby: Invalid read/write in parser_yyerror function in UTF-8 parser2017-07-21
CVE-2017-13742 — Liblouis vulnerability | cvebase