Main Vulnerability Database Vulnerabilities #VU13196

#VU13196 Invalid free condition in Liblouis - CVE-2018-11410

Published: June 6, 2018 / Updated: June 12, 2018

Vulnerability identifier: #VU13196

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-11410

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Liblouis

Software vendor:
Liblouis

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in the compileRule function, as defined in the compileTranslationTable.c source code file, during table parsing operations. A remote attacker can send a specially crafted request that submits malicious input, trigger memory corruption and invalid free condition and cause the service to crash.

Remediation

Update to version 3.6.0.

External links

https://github.com/liblouis/liblouis/issues/573