Описание
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.5.0-1ubuntu0.3 |
| devel | released | 3.6.0-3ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| esm-infra/bionic | released | 3.5.0-1ubuntu0.3 |
| esm-infra/xenial | not-affected | code not present |
| precise/esm | DNE | |
| trusty | not-affected | code not present |
| trusty/esm | DNE | trusty was not-affected [code not present] |
| upstream | released | 3.7.0-1 |
| xenial | not-affected | code not present |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
The matchCurrentInput function inside lou_translateString.c of Libloui ...
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3