MidnightBSD

Advisories for liblouis

CVE-2014-8184 MEDIUM

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
liblouis liblouis *
CVE-2017-13738 MEDIUM

There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13739 MEDIUM

There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13740 MEDIUM

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13741 MEDIUM

There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13742 MEDIUM

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13743 MEDIUM

There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-13744 MEDIUM

There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
liblouis liblouis 3.2.0
CVE-2017-15101 HIGH

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_workstation 7.0
liblouis liblouis *
redhat enterprise_linux_desktop 7.0
CVE-2018-11410 HIGH

An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-11440 MEDIUM

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-11577 MEDIUM

Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-11683 MEDIUM

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-11684 MEDIUM

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-11685 MEDIUM

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.5.0
CVE-2018-12085 MEDIUM

Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
liblouis liblouis 3.6.0
CVE-2018-17294 MEDIUM

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.0
liblouis liblouis *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2022-26981 MEDIUM

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apple tvos *
apple watchos *
apple macos *
fedoraproject fedora 36
liblouis liblouis *
apple iphone_os *
apple ipados *
CVE-2022-31783 MEDIUM

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
liblouis liblouis 3.21.0
fedoraproject fedora 36
CVE-2023-26767

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
liblouis liblouis 3.24.0
CVE-2023-26768

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
liblouis liblouis 3.24.0
CVE-2023-26769

Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
liblouis liblouis 3.24.0