Debian Liblouis vulnerabilities

CVE-2023-26767 [HIGH] CVE-2023-26767: liblouis - Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacke... Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 3.24.0-2) sid: resolved (fixed in 3.24.0-2) trixie: resolved (fixed in 3.24.0-2)

CVE-2023-26769 [HIGH] CVE-2023-26769: liblouis - Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remo... Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 3.24.0-2) sid: resolved (fixed in 3.24.0-2) trixie: resolved (fixed in 3.24.0-2)

CVE-2023-26768 [HIGH] CVE-2023-26768: liblouis - Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacke... Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 3.24.0-2) sid: resolved (fixed in 3.24.0-2) trixie: resolved (fixed in 3.24.0-2)

CVE-2022-26981 [HIGH] CVE-2022-26981: liblouis - Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTra... Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Scope: local bookworm: resolved (fixed in 3.22.0-1) bullseye: open forky: resolved (fixed in 3.22.0-1) sid: resolved (fixed in 3.22.0-1) trixie: resolved (fixed in 3.22.0-1)

CVE-2022-31783 [MEDIUM] CVE-2022-31783: liblouis - Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationT... Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Scope: local bookworm: resolved (fixed in 3.22.0-1) bullseye: open forky: resolved (fixed in 3.22.0-1) sid: resolved (fixed in 3.22.0-1) trixie: resolved (fixed in 3.22.0-1)

CVE-2018-11410 [CRITICAL] CVE-2018-11410: liblouis - An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule fun... An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Scope: local bookworm: resolved (fixed in 3.5.0-2) bullseye: resolved (fixed in 3.5.0-2) forky: resolved (fixed in 3.5.0-2) sid: res

CVE-2018-11683 [HIGH] CVE-2018-11683: liblouis - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in c... Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Scope: local bookworm: resolved (fixed in 3.5.0-3) bullseye: resolved (fixed in 3.5.0-3) forky: resolved (fixed in 3.5.0-3) sid: resolved (fixed in 3.5.0-3) trixie: resolved (fixed in 3.5.0-3)

CVE-2018-11685 [HIGH] CVE-2018-11685: liblouis - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenat... Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. Scope: local bookworm: resolved (fixed in 3.5.0-3) bullseye: resolved (fixed in 3.5.0-3) forky: resolved (fixed in 3.5.0-3) sid: resolved (fixed in 3.5.0-3) trixie: resolved (fixed in 3.5.0-3)

CVE-2018-11577 [HIGH] CVE-2018-11577: liblouis - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Scope: local bookworm: resolved (fixed in 3.5.0-3) bullseye: resolved (fixed in 3.5.0-3) forky: resolved (fixed in 3.5.0-3) sid: resolved (fixed in 3.5.0-3) trixie: resolved (fixed in 3.5.0-3)

CVE-2018-11684 [HIGH] CVE-2018-11684: liblouis - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in ... Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. Scope: local bookworm: resolved (fixed in 3.5.0-3) bullseye: resolved (fixed in 3.5.0-3) forky: resolved (fixed in 3.5.0-3) sid: resolved (fixed in 3.5.0-3) trixie: resolved (fixed in 3.5.0-3)

CVE-2018-11440 [HIGH] CVE-2018-11440: liblouis - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in c... Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. Scope: local bookworm: resolved (fixed in 3.5.0-3) bullseye: resolved (fixed in 3.5.0-3) forky: resolved (fixed in 3.5.0-3) sid: resolved (fixed in 3.5.0-3) trixie: resolved (fixed in 3.5.0-3)

CVE-2018-12085 [HIGH] CVE-2018-12085: liblouis - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in c... Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Scope: local bookworm: resolved (fixed in 3.5.0-4) bullseye: resolved (fixed in 3.5.0-4) forky: resolved (fixed in 3.5.0-4) sid: resolved (fixed in 3.5.0-4) trixie: resolved (fixed in 3.5.0-4)

CVE-2018-17294 [MEDIUM] CVE-2018-17294: liblouis - The matchCurrentInput function inside lou_translateString.c of Liblouis prior to... The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. Scope: local bookworm: resolved (fixed in 3.7.0-1) bullseye: resolved (fixed in 3.

CVE-2017-13744 [MEDIUM] CVE-2017-13744: liblouis - There is an illegal address access in the function _lou_getALine() in compileTra... There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed in 3.3.0-1) sid: resolved (fixed in 3.3.0-1) trixie: resolved (fixed in 3.3.0-1)

CVE-2017-13741 [MEDIUM] CVE-2017-13741: liblouis - There is a use-after-free in the function compileBrailleIndicator() in compileTr... There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed in 3.3.0-1) sid: resolved (fixed in 3.3.0-1) trixie: resolved (fixed in 3.3.0-1)

CVE-2017-13743 [MEDIUM] CVE-2017-13743: liblouis - There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_sho... There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed in 3.3.0-1) sid: resolved (fixed in 3.3.0-1) trixie: resolved (fixed in 3.3.0-1)

CVE-2017-13739 [HIGH] CVE-2017-13739: liblouis - There is a heap-based buffer overflow that causes a more than two thousand bytes... There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed i

CVE-2017-13742 [MEDIUM] CVE-2017-13742: liblouis - There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the funct... There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed in 3.3.0-1) sid: resolved (fixed in 3.3.0-1) trixie: resolved (fixed in

CVE-2017-13738 [HIGH] CVE-2017-13738: liblouis - There is an illegal address access in the _lou_getALine function in compileTrans... There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Scope: local bookworm: resolved (fixed in 3.3.0-1) bullseye: resolved (fixed in 3.3.0-1) forky: resolved (fixed in 3.3.0-1) sid: resolved (fixed in 3.3.0-1) trixie: resolved (fixed in 3.3.0-1)

CVE-2017-15101 [HIGH] CVE-2017-15101: liblouis - A missing patch for a stack-based buffer overflow in findTable() was found in Re... A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved