Your submission was sent successfully! Close

CVE-2018-11410

Published: 24 May 2018

An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Notes

AuthorNote
leosilva
trusty and xenial hasn't the affected code.
for artful and devel POC is not reproducible. Only bionic has
core dump behaviour testing with the POC.
Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
liblouis
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic
Released (3.5.0-1ubuntu0.1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
other: https://github.com/liblouis/liblouis/commit/ed6b00aea08005945c9ae8a4a4503acc43f3a844.patch