Liblouis vulnerabilities

CVE-2023-26767 [HIGH] CWE-120 CVE-2023-26767: Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.

CVE-2023-26769 [HIGH] CWE-120 CVE-2023-26769: Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.

CVE-2023-26768 [HIGH] CWE-120 CVE-2023-26768: Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.

CVE-2022-31783 [MEDIUM] CWE-787 CVE-2022-31783: Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstra Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

CVE-2022-26981 [HIGH] CWE-120 CVE-2022-26981: Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (cal Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

CVE-2014-8184 [HIGH] CWE-121 CVE-2014-8184: A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow wa A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.

CVE-2018-17294 [MEDIUM] CWE-125 CVE-2018-17294: The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

CVE-2017-15101 [CRITICAL] CWE-121 CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of lib A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVE-2018-12085 [HIGH] CVE-2018-12085: Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11683 [HIGH] CVE-2018-11683: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11685 [HIGH] CWE-787 CVE-2018-11685: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTransl Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

CVE-2018-11684 [HIGH] CWE-787 CVE-2018-11684: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTa Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

CVE-2018-11577 [HIGH] CWE-120 CVE-2018-11577: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVE-2018-11440 [HIGH] CWE-787 CVE-2018-11440: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

CVE-2018-11410 [CRITICAL] CWE-416 CVE-2018-11410: An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTran An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2017-13738 [HIGH] CWE-125 CVE-2017-13738: There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.

CVE-2017-13740 [HIGH] CWE-119 CVE-2017-13740: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.

CVE-2017-13739 [HIGH] CWE-119 CVE-2017-13739: There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.

CVE-2017-13742 [MEDIUM] CWE-119 CVE-2017-13742: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.

CVE-2017-13741 [MEDIUM] CWE-416 CVE-2017-13741: There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.