Liblouis
CVE-2018-12085
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
AnalysisAI
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Affected products include: Liblouis, Canonical Ubuntu Linux, Opensuse Leap.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
An issue was discovered in Liblouis 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Rated high severity (CVSS 8.8), this vulnerability
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the c
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the l
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's l
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Ra
There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0,
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Rat
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTa
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. Rated
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. Rated high se
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today