CVE-2018-11410Use After Free in Liblouis

CWE-416Use After FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.8%
top 25.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LiblouisCanonical Ubuntu Linux
Timeline
PublishedMay 24
Latest updateMay 14

Description

An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianliblouis/liblouis< 3.5.0-2+3
Ubuntuliblouis/liblouis< 2.5.3-2ubuntu1.3+2

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
GHSA
GHSA-q952-frq9-cpf7: An issue was discovered in Liblouis 32022-05-14
OSV
liblouis vulnerabilities2018-06-04
CVEList
CVE-2018-11410: An issue was discovered in Liblouis 32018-05-24
OSV
CVE-2018-11410: An issue was discovered in Liblouis 32018-05-24

📋Vendor Advisories

3
Ubuntu
Liblouis vulnerabilities2018-06-04
Red Hat
liblouis: invalid free in compileRule function in compileTranslationTable.c2018-05-23
Debian
CVE-2018-11410: liblouis - An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule fun...2018

💬Community

2
Bugzilla
CVE-2018-11410 liblouis: invalid free in compileRule function in compileTranslationTable.c [fedora-all]2018-05-24
Bugzilla
CVE-2018-11410 liblouis: invalid free in compileRule function in compileTranslationTable.c2018-05-24
CVE-2018-11410 — Use After Free in Liblouis | cvebase