Bugzilla – Bug 1109319
VUL-1: CVE-2018-17294: liblouis: The matchCurrentInput function inside lou_translateString.c does not check the input string's length leading to DOS
Last modified: 2024-06-11 18:55:53 UTC
CVE-2018-17294 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17294 https://github.com/liblouis/liblouis/issues/635 https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e
Created attachment 783892 [details] so_lou_translateString.txt QA REPRODUCER: valgrind lou_translate hu-hu-g2.ctb <so_lou_translateString.txt should not show invalid reads. (does not trigger for me on leap 42.3)
I can't reproduce the invalid read on Leap 15, but it looks as though the vulnerability is there. That function has been refactored post-3.3.0. I'll backport the patch.
SUSE-SU-2019:0795-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 1094685,1095189,1095825,1095826,1095827,1095945,1097103,1109319 CVE References: CVE-2018-11410,CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085,CVE-2018-17294 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): liblouis-3.3.0-4.5.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): liblouis-3.3.0-4.5.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:13994-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 1109319 CVE References: CVE-2018-17294 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): liblouis-1.7.0-1.3.16.1, python-louis-1.7.0-1.3.16.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): liblouis-1.7.0-1.3.16.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1160-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 1094685,1095189,1095825,1095826,1095827,1095945,1097103,1109319 CVE References: CVE-2018-11410,CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085,CVE-2018-17294 Sources used: openSUSE Leap 15.0 (src): liblouis-3.3.0-lp150.3.3.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3107-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 1109319 CVE References: CVE-2018-17294 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): liblouis-2.6.4-6.9.24 SUSE Linux Enterprise Server 12-SP5 (src): liblouis-2.6.4-6.9.24, python-louis-2.6.4-6.9.39, python3-louis-2.6.4-6.9.41 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.