CVE-2018-17294
Published 2018-09-21
Medium, 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | liblouis | < liblouis 3.7.0-1 (bookworm) | liblouis 3.7.0-1 (bookworm) |
| liblouis | liblouis | < 3.7.0 | 3.7.0 |
| liblouis | liblouis | >= 0 < 3.7.0-1 | 3.7.0-1 |
| liblouis | liblouis | >= 0 < 3.7.0-1 | 3.7.0-1 |
| liblouis | liblouis | >= 0 < 3.7.0-1 | 3.7.0-1 |
| liblouis | liblouis | >= 0 < 3.7.0-1 | 3.7.0-1 |
| liblouis | liblouis | >= 0 < 2.5.3-2ubuntu1.5 | 2.5.3-2ubuntu1.5 |
| liblouis | liblouis | >= 0 < 2.6.4-2ubuntu0.4 | 2.6.4-2ubuntu0.4 |
| liblouis | liblouis | >= 0 < 3.5.0-1ubuntu0.3 | 3.5.0-1ubuntu0.3 |
| opensuse | leap | — | — |
CVSS provenance
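| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 8.8 | HIGH | — |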