Liblouis matchCurrentInput Function Stack-Based Buffer Overflow VulnerabilitySeptember 22, 2018 am30 1:14 am

A vulnerability in the matchCurrentInput function of Liblouis could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient checking of the length of input strings by the matchCurrentInput function, as defined in the lou_translateString.c source code file of the affected software. An attacker could exploit this vulnerability by sending an input file that submits malicious input to the targeted system. An exploit could trigger a stack-based buffer overflow condition that causes the affected software to crash, resulting in a DoS condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Liblouis* confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-17294

%d bloggers like this: