Skip to main content

Liblouis CVE-2022-31783

MEDIUM
Out-of-bounds Write (CWE-787)
2022-06-02 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 02, 2022 - 14:15 nvd
MEDIUM 5.5

DescriptionNVD

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

AnalysisAI

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Affected products include: Liblouis, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-11410 CRITICAL POC
9.8 May 24

An issue was discovered in Liblouis 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl

CVE-2018-11577 HIGH POC
8.8 May 31

Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Rated high severity (CVSS 8.8), this vulnerability

CVE-2022-26981 HIGH POC
7.8 Mar 13

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by

CVE-2023-26768 HIGH POC
7.5 Mar 16

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the c

CVE-2023-26767 HIGH POC
7.5 Mar 16

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the l

CVE-2018-17294 MEDIUM POC
6.5 Sep 21

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's l

CVE-2017-13739 HIGH
8.8 Aug 29

There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0,

CVE-2017-13738 HIGH
8.8 Aug 29

There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Rat

CVE-2017-13740 HIGH
8.8 Aug 29

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTa

CVE-2018-12085 HIGH
8.8 Jun 09

Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vu

CVE-2018-11685 HIGH
8.8 Jun 04

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. Rated

CVE-2018-11684 HIGH
8.8 Jun 04

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. Rated high se

Share

CVE-2022-31783 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy