CVE-2022-26981
https://notcve.org/view.php?id=CVE-2022-26981
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Liblouis versiones hasta 3.21.0, presenta un desbordamiento de búfer en compilePassOpcode en el archivo compileTranslationTable.c (llamado, indirectamente, por el archivo tools/lou_checktable.c) • http://seclists.org/fulldisclosure/2022/Jul/12 http://seclists.org/fulldisclosure/2022/Jul/15 http://seclists.org/fulldisclosure/2022/Jul/16 http://seclists.org/fulldisclosure/2022/Jul/18 https://github.com/liblouis/liblouis/issues/1171 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L https://security.gentoo.org/glsa/202301-06 https://support.apple.com/kb/HT213340 https://support.apple.com/kb/HT213342 https://sup • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-17294
https://notcve.org/view.php?id=CVE-2018-17294
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. La función matchCurrentInput dentro de lou_translateString.c de Liblouis en versiones anteriores a la 3.7 no comprueba la longitud de la cadena entrante, permitiendo a los atacantes provocar una denegación de servicio (cierre inesperado de la aplicación mediante una lectura fuera de límites) creando un archivo entrante con determinados diccionarios de traducción. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html http://www.securityfocus.com/bid/105511 https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e https://github.com/liblouis/liblouis/issues/635 https://usn.ubuntu.com/3782-1 • CWE-125: Out-of-bounds Read •
CVE-2018-12085 – liblouis: Stack-based buffer overflow in compileTranslationTable.c
https://notcve.org/view.php?id=CVE-2018-12085
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Liblouis 3.6.0 tiene un desbordamiento de búfer basado en pila en la función parseChars en compileTranslationTable.c. Esta vulnerabilidad es diferente de CVE-2018-11440. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html https://github.com/liblouis/liblouis/issues/595 https://usn.ubuntu.com/3782-1 https://access.redhat.com/security/cve/CVE-2018-12085 https://bugzilla.redhat.com/show_bug.cgi?id=1589940 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •