CVE-2022-31783 — Out-of-bounds Write in Liblouis

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.3%

top 43.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liblouis Fedoraproject Fedora

Timeline

PublishedJun 2

Latest updateJun 13

Description

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianliblouis/liblouis< 3.22.0-1+2

▶Ubuntuliblouis/liblouis< 3.5.0-1ubuntu0.4+2

▶NVDliblouis/liblouis3.21.0

Also affects: Fedora 36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

liblouis vulnerabilities↗2022-06-13

▶

GHSA

GHSA-qh6w-j8cx-jf53: Liblouis 3↗2022-06-03

▶

OSV

CVE-2022-31783: Liblouis 3↗2022-06-02

▶

CVEList

CVE-2022-31783: Liblouis 3↗2022-05-27

▶

📋Vendor Advisories

Ubuntu

Liblouis vulnerabilities↗2022-06-13

▶

Red Hat

liblouis: invalid memory write in compileRule() in compileTranslationTable.c↗2022-05-28

▶

Debian

CVE-2022-31783: liblouis - Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationT...↗2022

▶