Main Vulnerability Database Vulnerabilities #VU38401

#VU38401 Buffer overflow in Liblouis - CVE-2017-13739

Published: August 29, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38401

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13739

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Liblouis

Software vendor:
Liblouis

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/100607
https://bugzilla.redhat.com/show_bug.cgi?id=1484299

#VU38401 Buffer overflow in Liblouis - CVE-2017-13739

Description

Remediation

External links

Please verify you're human