Main Vulnerability Database Vulnerabilities #VU38402

#VU38402 Buffer overflow in Liblouis - CVE-2017-13740

Published: August 29, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38402

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13740

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Liblouis

Software vendor:
Liblouis

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/100607
https://access.redhat.com/errata/RHSA-2017:3111
https://bugzilla.redhat.com/show_bug.cgi?id=1484306

#VU38402 Buffer overflow in Liblouis - CVE-2017-13740

Description

Remediation

External links

Please verify you're human